CVE-2025-25789
Published: 26 February 2025
Summary
CVE-2025-25789 is a critical-severity Code Injection (CWE-94) vulnerability in Foxcms Foxcms. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
FoxCMS version 1.2.5 contains a remote code execution vulnerability in the index() method of the Sitemap.php controller file. The flaw is tracked as CVE-2025-25789 and is associated with CWE-94. It received a CVSS 3.1 base score of 9.8, reflecting network attack vector, low complexity, and no requirements for authentication or user interaction.
An unauthenticated attacker with network access can supply crafted input to the affected method and execute arbitrary code on the server, resulting in full compromise of confidentiality, integrity, and availability. The published references consist of the vendor site and a public proof-of-concept repository that demonstrates the issue.
EPSS for the CVE rose from a low baseline to a recorded peak of 0.0411 (current value 0.0227), indicating emerging exploitation interest after disclosure. No vendor advisory or patch information is provided in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5358
Vulnerability details
FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct unauthenticated RCE in public-facing web app component enables initial access via exploitation of public-facing application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the RCE vulnerability by requiring timely patching or updating of FoxCMS to remediate the flawed index() method in Sitemap.php.
Enforces validation and sanitization of inputs to the Sitemap controller's index() method, preventing code injection exploits (CWE-94) that lead to unauthenticated RCE.
Deploys boundary protections like web application firewalls to monitor and block remote exploitation attempts targeting the vulnerable Sitemap.php endpoint.