Cyber Posture

CVE-2025-48732

Severity: High · Public PoC

Published: 24 July 2025
Modified: 03 November 2025
KEV Added:
Patch:
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0132 (80.0th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-48732 is a high-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Wwbn Avideo. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 20.0% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly remediates the incomplete blacklist flaw in the .htaccess sample by applying patches or fixes to prevent arbitrary code execution via .phar files.

prevent: Enforces secure baseline configuration settings for web servers, including proper .htaccess blacklisting of dangerous file types like .phar to block exploitation.

prevent: Restricts unauthorized information inputs such as specially crafted HTTP requests for .phar files, directly countering the incomplete blacklist vulnerability.

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Direct remote code execution via a crafted request to the public-facing web application, enabled by bypassing an incomplete input blacklist.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

Deeper analysisAI

CVE-2025-48732 is an incomplete blacklist vulnerability in the .htaccess sample file shipped with WWBN AVideo version 14.4 and the dev master commit 8a8954ff. The flaw allows a specially crafted HTTP request targeting a .phar file to bypass restrictions and trigger arbitrary code execution. It is classified under CWE-184 (Incomplete List of Disallowed Inputs) with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

An unauthenticated attacker with network access to the affected AVideo instance can exploit this vulnerability remotely with low complexity and no user interaction required. By sending a malicious HTTP request for a .phar file, the attacker achieves arbitrary code execution, potentially leading to low-impact compromise of confidentiality, integrity, and availability on the server.

Mitigation details are available in the Talos Intelligence advisory TALOS-2025-2213, published alongside the CVE on 2025-07-24. Security practitioners should review this report for recommended patches, workarounds, or configuration changes to address the incomplete blacklist in the .htaccess sample.
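To make the class of defect concrete, the following is an added example; it is not AVideo's code and does not reproduce the actual contents of the project's .htaccess sample, which this page does not show. It emulates how Apache's <FilesMatch> deny rule is evaluated against a filename and reports which PHP-executable suffixes an extension blacklist fails to cover, which is exactly how a ".php but not .phar" gap of the kind described above surfaces. The two regex patterns and the suffix list are constructed assumptions; the suffixes that actually reach the interpreter depend on your own server's PHP handler configuration.

```python
import re

# Constructed example patterns (NOT AVideo's actual .htaccess rules).
# Both are written the way a <FilesMatch "..."> deny rule would be, using a
# PCRE-compatible (?i) flag so the comparison is case-insensitive like the
# real rule would need to be on case-insensitive filesystems.
INCOMPLETE_BLACKLIST = r"(?i)\.(php|php5|phtml)$"       # misses .phar and friends
BROADER_BLACKLIST = r"(?i)\.(php\d?|phtml|pht|phar|phps)$"  # covers the probe set

# Constructed probe set of suffixes commonly mapped to the PHP handler.
# Derive the real list from your own Apache/PHP configuration.
EXECUTABLE_SUFFIXES = ("php", "php5", "phtml", "phar", "phps", "pht")


def is_blocked(pattern: str, filename: str) -> bool:
    """Emulate <FilesMatch>: the rule applies when the regex matches the basename."""
    return re.search(pattern, filename) is not None


def find_gaps(pattern: str, suffixes=EXECUTABLE_SUFFIXES) -> list:
    """Return the executable suffixes that the deny pattern would still serve."""
    return [s for s in suffixes if not is_blocked(pattern, f"probe.{s}")]


def render_deny_rule(pattern: str) -> str:
    """Render the pattern as an Apache 2.4 deny stanza for an .htaccess file."""
    return (
        f'<FilesMatch "{pattern}">\n'
        "    Require all denied\n"
        "</FilesMatch>"
    )


def audit(pattern: str) -> dict:
    """Summarise a blacklist pattern: its rendered rule and the suffixes it misses."""
    gaps = find_gaps(pattern)
    return {"rule": render_deny_rule(pattern), "gaps": gaps, "complete": not gaps}


if __name__ == "__main__":
    for name, pattern in (("incomplete", INCOMPLETE_BLACKLIST),
                          ("broader", BROADER_BLACKLIST)):
        result = audit(pattern)
        print(f"--- {name} ---")
        print(result["rule"])
        print("still served:", result["gaps"] or "none")
```

Run it and the "incomplete" rule reports .phar, .phps and .pht as still served while the broader one reports none; adding the missing suffixes to the regex is the equivalent of the .htaccess fix the NIST CM-6 entry above describes. A suffix blacklist stays brittle whatever is added to it, so in directories that hold untrusted files the sturdier configuration is to stop the interpreter from running at all (under mod_php, `php_admin_flag engine off` in the relevant directory block, or removing the handler mapping for those suffixes) and to allowlist the content types the directory is meant to serve.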

Details

CWE(s): CWE-184 (Incomplete List of Disallowed Inputs)

Affected Products: wwbn avideo 14.4

CVEs Like This One

CVE-2026-41057 · Same product: Wwbn Avideo
CVE-2026-41055 · Same product: Wwbn Avideo
CVE-2025-25214 · Same product: Wwbn Avideo
CVE-2026-34733 · Same product: Wwbn Avideo
CVE-2026-33292 · Same product: Wwbn Avideo
CVE-2026-28501 · Same product: Wwbn Avideo
CVE-2026-33513 · Same product: Wwbn Avideo
CVE-2026-33770 · Same product: Wwbn Avideo
CVE-2026-33038 · Same product: Wwbn Avideo
CVE-2026-33479 · Same product: Wwbn Avideo

References