Cyber Resilience

CVE-2025-2705

Medium

Published: 24 March 2025

Published
24 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0011 28.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2705 is a medium-severity Improper Access Control (CWE-284) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-2705 is a critical vulnerability in Digiwin ERP 5.1, affecting the DoUpload and DoWebUpload functions within the /Api/FileUploadApi.ashx component. The issue arises from manipulation of the File argument, enabling unrestricted file upload. Published on 2025-03-24, it is associated with CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type), with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

Remote attackers require no privileges or user interaction to exploit this vulnerability, allowing them to upload arbitrary files over the network with low attack complexity. Exploitation can result in low impacts to confidentiality, integrity, and availability, potentially enabling further compromise depending on the uploaded file type.

Advisories from VulDB and related GitHub reports indicate that the vendor was contacted early regarding disclosure but provided no response. No patches or official mitigations are referenced, and full exploit details have been publicly disclosed, making active use possible.

EU & UK References

Vulnerability details

A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The…

more

exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload in public-facing web component directly enables T1190 for initial access; facilitates T1505.003 via arbitrary malicious file (e.g., web shell) upload.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-13144Shared CWE-284, CWE-434
CVE-2025-8255Shared CWE-284, CWE-434
CVE-2025-2219Shared CWE-284, CWE-434
CVE-2025-7413Shared CWE-284, CWE-434
CVE-2025-0341Shared CWE-284, CWE-434
CVE-2026-3748Shared CWE-284, CWE-434
CVE-2026-2666Shared CWE-284, CWE-434
CVE-2026-2979Shared CWE-284, CWE-434
CVE-2026-3800Shared CWE-284, CWE-434
CVE-2025-1355Shared CWE-284, CWE-434

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates unrestricted file upload by requiring validation of the File argument to block dangerous file types in the /Api/FileUploadApi.ashx endpoint.

prevent

Enforces approved access controls to prevent unauthorized manipulation of the File argument and unrestricted uploads via the vulnerable DoUpload/DoWebUpload functions.

prevent

Requires timely identification, reporting, and remediation of the critical unrestricted file upload flaw in Digiwin ERP 5.1.

References