Cyber Posture

CVE-2025-25760

High

Published: 27 February 2025

Published
27 February 2025
Modified
09 April 2025
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0031 53.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25760 is a high-severity SSRF (CWE-918) vulnerability in Sucms Project Sucms. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Validates crafted GET request parameters in admin_webgather.php to prevent the server from initiating unauthorized requests to internal services.

AC-4 Information Flow Enforcement good match
prevent

Enforces information flow control policies restricting the vulnerable component from accessing internal data and services via attacker-controlled inputs.

SC-7 Boundary Protection good match
prevent

Monitors and controls communications at boundaries to block outbound requests from the web server to unauthorized internal resources triggered by SSRF exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

SSRF in public-facing web component (admin_webgather.php) directly enables remote exploitation of exposed application to reach internal resources.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request.

Deeper analysisAI

CVE-2025-25760 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting the admin_webgather.php component in SUCMS version 1.0. The flaw enables attackers to access internal data and services through a crafted GET request. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to its potential for confidential data exposure without requiring authentication or user interaction.

Remote attackers with network access can exploit this vulnerability by sending a specially crafted GET request to the vulnerable endpoint. Successful exploitation allows them to force the server to make unauthorized requests to internal resources, potentially retrieving sensitive internal data or interacting with backend services not directly exposed to the internet.

Mitigation details and further technical analysis are available in the referenced advisory document at https://github.com/147536951/Qianyi-learn/blob/main/SUCMS2.pdf, published on 2025-02-27. Security practitioners should review it for patching guidance or workarounds specific to SUCMS v1.0 deployments.

Details

CWE(s)
CWE-918

Affected Products

sucms project
sucms
1.0

CVEs Like This One

CVE-2024-13194Same product: Sucms Project Sucms
CVE-2025-25759Same product: Sucms Project Sucms
CVE-2026-7025Shared CWE-918
CVE-2025-21385Shared CWE-918
CVE-2025-52362Shared CWE-918
CVE-2026-31317Shared CWE-918
CVE-2026-5016Shared CWE-918
CVE-2026-26338Shared CWE-918
CVE-2025-58045Shared CWE-918
CVE-2025-68030Shared CWE-918

References