Cyber Resilience

CVE-2025-25997

HighPublic PoC

Published: 14 February 2025

Published
14 February 2025
Modified
13 May 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0213 84.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25997 is a high-severity Path Traversal (CWE-22) vulnerability in Feminer Wms Project Feminer Wms. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-25997 is a directory traversal vulnerability, tracked as CWE-22, that affects the databak.php component in FeMiner wms version 1.0. The flaw carries a CVSS 3.1 score of 7.5 and permits remote, unauthenticated retrieval of sensitive files from the underlying system.

An attacker with network access can supply crafted path sequences to databak.php and read arbitrary files without credentials or user interaction, resulting in high-impact confidentiality exposure while leaving integrity and availability unaffected.

The sole reference is a GitHub issue tracker entry for the project; no advisory text, patch details, or mitigation guidance is supplied in the available data. EPSS values have remained low, with a current score of 0.0213 and a peak of 0.0290, showing no material upward trajectory after disclosure.

EU & UK References

Vulnerability details

Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Directory traversal in public-facing web app (databak.php) directly enables remote unauthenticated file access outside intended paths, mapping to T1190 for initial exploitation and T1005 for resulting sensitive data collection from the local filesystem.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25994Same product: Feminer Wms Project Feminer Wms
CVE-2025-12824Shared CWE-22
CVE-2026-25965Shared CWE-22
CVE-2025-30567Shared CWE-22
CVE-2025-27098Shared CWE-22
CVE-2024-55457Shared CWE-22
CVE-2026-35485Shared CWE-22
CVE-2024-54909Shared CWE-22
CVE-2026-3405Shared CWE-22
CVE-2025-41368Shared CWE-22

Affected Assets

feminer wms project
feminer wms
1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates directory traversal by validating file path inputs in databak.php to block traversal sequences like ../

prevent

Addresses the specific flaw in FeMiner wms v1.0 databak.php by identifying, reporting, and correcting the vulnerability through patching.

prevent

Enforces access controls to restrict unauthorized reading of sensitive files outside the intended directory even if traversal input is processed.

References