Cyber Resilience

CVE-2025-3983

MediumPublic PoC

Published: 27 April 2025

Published
27 April 2025
Modified
17 October 2025
KEV Added
Patch
CVSS Score v4 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0095 76.7th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-3983 is a medium-severity Injection (CWE-74) vulnerability in Amttgroup Hibos. Its CVSS base score is 5.1 (Medium).

Operationally, ranked in the top 23.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

A vulnerability has been identified in AMTT Hotel Broadband Operation System version 1.0, specifically in the file /manager/system/nlog_down.php. The issue stems from improper handling of the ProtocolType argument, which permits command injection and is tracked under CWE-74 and CWE-77. The flaw is remotely exploitable and has been assigned a CVSS 4.0 score of 5.1; the vendor was notified prior to disclosure but did not respond.

An authenticated remote attacker with administrative privileges can supply crafted input to the affected parameter and execute arbitrary commands on the underlying system. Public exploit code has been released, and the disclosure notes that additional parameters in the same file may also be susceptible to similar manipulation.

No official patches or mitigation guidance have been issued by the vendor. Public references consist of a proof-of-concept on GitHub and entries on VulDB that document the command-injection vector without providing remediation steps.

The associated EPSS score rose from a low baseline to a peak of 0.0388 on 2026-02-23 before receding to its current value of 0.0095, indicating a period of increased exploitation interest after the initial disclosure.

EU & UK References

Vulnerability details

A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument ProtocolType leads to command injection. The attack…

more

can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

amttgroup
hibos
1.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-74

Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.

addresses: CWE-74

Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.

References