Cyber Resilience

CVE-2025-2952

Severity: Medium · Public PoC available

Published: 30 March 2025
Modified: 15 April 2025
CVSS v4 score: 5.3 (vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0012 (31.2nd percentile)
Risk priority: 11 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2952 is a medium-severity Improper Access Control (CWE-284) vulnerability in Bluestar Micro Mall. Its CVSS v4 base score is 5.3 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 31.2nd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-2952 is a vulnerability classified as critical in Bluestar Micro Mall 1.0 that enables unrestricted file upload. The issue affects an unknown function behind the endpoint /api/api.php?mod=upload&type=1, where manipulation of the "File" argument allows an attacker to upload files without restriction. Classified under CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type), it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-03-30.

The vulnerability can be exploited remotely over the network by an attacker with low privileges (PR:L), with low attack complexity and no user interaction required. Successful exploitation has a limited impact on confidentiality, integrity, and availability individually, but an uploaded malicious file can lead to further compromise depending on how the server handles files in the upload location. The exploit has been publicly disclosed and may be actively used.

Advisories and additional details are available from VulDB (https://vuldb.com/?ctiid.302005 and https://vuldb.com/?id.302005) and a Jianshu article (https://www.jianshu.com/p/22d3ae38e628?v=1742101731758). Practitioners should consult these sources for mitigation guidance, as no specific patches are detailed in the core CVE information.

Vulnerability details

A vulnerability classified as critical was found in Bluestar Micro Mall 1.0. Affected by this vulnerability is an unknown functionality of the file /api/api.php?mod=upload&type=1. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely.…

The exploit has been disclosed to the public and may be used.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload in a public-facing web application enables T1190 exploitation and T1505.003 web shell deployment for code execution and persistence.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-2951 (same product: Bluestar Micro Mall)
CVE-2024-13144 (shared CWE-284, CWE-434)
CVE-2025-8255 (shared CWE-284, CWE-434)
CVE-2025-2219 (shared CWE-284, CWE-434)
CVE-2025-7413 (shared CWE-284, CWE-434)
CVE-2025-0341 (shared CWE-284, CWE-434)
CVE-2026-3748 (shared CWE-284, CWE-434)
CVE-2026-2666 (shared CWE-284, CWE-434)
CVE-2026-2979 (shared CWE-284, CWE-434)
CVE-2026-3800 (shared CWE-284, CWE-434)

Affected Assets

Vendor: bluestar · Product: micro mall · Version: 1.0

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

Prevent: Directly validates the File argument in the upload API to prevent unrestricted upload of dangerous file types.

Prevent: Restricts file types, sizes, and other characteristics accepted by the /api/api.php upload endpoint to block malicious uploads.

Prevent: Enforces access control policies on the upload functionality to mitigate the improper access control that allows low-privileged exploitation.
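The three controls above amount to checks a server-side upload handler should run before writing anything to disk: an explicit authorization decision (AC-3) and validation of the File argument's name, size and content (SI-10). The Python below is an added illustration, not code from Bluestar Micro Mall or from the original page; the `uploader` role, the allow-listed image types, the 2 MiB cap and the rejection of multi-dot names are assumed policy choices.

```python
import os
import secrets
from dataclasses import dataclass

# Allow-list of extensions the store accepts, each with the magic bytes its content must start with.
# Hypothetical policy for this example; a real deployment lists exactly the types the feature needs.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed cap on a single upload


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    stored_name: str = ""  # server-chosen name to write under a directory the web server never executes


def validate_upload(user_roles: set, original_name: str, content: bytes) -> UploadDecision:
    """Run every check an upload endpoint needs before the file is written anywhere."""
    # AC-3: the caller must hold a role permitted to upload, not merely hold a low-privilege session.
    if "uploader" not in user_roles:
        return UploadDecision(False, "caller lacks upload role")
    # SI-10: bound the size before inspecting content at all.
    if not content or len(content) > MAX_BYTES:
        return UploadDecision(False, "empty or oversized upload")
    # Keep only the base name so directory components in the File argument cannot steer the write.
    base = os.path.basename(original_name.replace("\\", "/"))
    parts = base.lower().rsplit(".", 1)
    if len(parts) != 2 or not parts[0] or parts[1] not in ALLOWED_TYPES:
        return UploadDecision(False, "extension not in allow-list")
    ext = parts[1]
    # Names with more than one extension (e.g. something.php.png) are refused outright.
    if "." in parts[0]:
        return UploadDecision(False, "multiple extensions not allowed")
    # The bytes must match the claimed type; a script renamed to an image extension fails here.
    if not content.startswith(ALLOWED_TYPES[ext]):
        return UploadDecision(False, "content does not match declared type")
    # Never reuse the client-supplied name: random server-generated name plus the validated extension.
    stored = f"{secrets.token_hex(16)}.{ext}"
    return UploadDecision(True, "ok", stored)
```

The decision object is what the endpoint should act on; only an accepted decision's `stored_name` is ever joined to the storage directory, and that directory should sit outside the web root.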

References