CVE-2025-48732
Published: 24 July 2025
Summary
CVE-2025-48732 is a high-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in WWBN AVideo. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 12.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-48732 is an incomplete blacklist vulnerability in the sample .htaccess file shipped with WWBN AVideo version 14.4 and the development master branch at commit 8a8954ff. The flaw, tracked under CWE-184, permits an attacker to upload or request files with a .phar extension that should have been blocked, resulting in arbitrary code execution on the server.
An unauthenticated remote attacker can exploit the issue by sending a crafted HTTP request that references a malicious .phar file. Successful exploitation grants the ability to execute arbitrary code with the privileges of the web server process, corresponding to the reported CVSS 7.3 rating that reflects network attack vector, low complexity, and no required authentication or user interaction.
The referenced Talos Intelligence advisory (TALOS-2025-2213) provides the technical details of the finding; no separate patch or mitigation guidance is supplied in the available references. The associated EPSS score has remained flat at 0.0340 with no material increase observed since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22535
Vulnerability details
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote code execution via crafted request to public-facing web app due to incomplete input blacklist bypass.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the incomplete blacklist flaw in the .htaccess sample by applying patches or fixes to prevent arbitrary code execution via .phar files.
- CM-6 (Configuration Settings): enforces secure baseline configuration settings for web servers, including proper .htaccess blacklisting of dangerous file types like .phar to block exploitation.
- Input restriction: restricts unauthorized information inputs such as specially crafted HTTP requests for .phar files, directly countering the incomplete blacklist vulnerability.
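The CM-6 control above amounts to not relying on an enumerated deny-list of script extensions in a directory that serves user-supplied files. The following Apache .htaccess fragment is an added illustration of that point and is not the .htaccess sample shipped with AVideo (the project's actual pattern is not reproduced here). It shows the shape of a CWE-184 deny-list that forgets .phar next to an allow-list configuration that does not depend on naming every executable extension. The caveat it encodes is that common distribution PHP handler configurations (for example Debian's php*.conf) map `.phar` and `.phtml` to the PHP interpreter alongside `.php`, so a deny-list covering only `.php` leaves those extensions executable. Directive names are standard mod_authz_core, mod_mime and mod_php directives; the directory layout and the file types allowed are assumptions for the example.

```apache
# Added example (not AVideo's .htaccess). Drop into an upload directory
# on Apache 2.4 with AllowOverride covering AuthConfig, FileInfo and Options.

# --- Weak shape (CWE-184): a deny-list that enumerates script extensions
# but omits .phar. With a typical handler mapping of ".+\.ph(ar|p|tml)$"
# to PHP, a request for upload.phar still reaches the interpreter.
#
# <FilesMatch "\.(php|php5)$">
#     Require all denied
# </FilesMatch>

# --- Hardened shape: remove script execution in this directory entirely,
# then allow only the static types the directory is meant to serve.

# Disable the PHP engine if mod_php is loaded (no effect under php-fpm,
# which is why the handler/type removal below is also needed).
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Strip any extension-to-handler mapping inherited from the server config
# so that .php, .phar and .phtml are served as opaque files, if at all.
RemoveHandler .php .php5 .phtml .phar
RemoveType    .php .php5 .phtml .phar
Options -ExecCGI -Indexes

# Default-deny every file, then allow-list the expected media types.
# Later <FilesMatch> sections override earlier ones, so the grant below
# takes precedence only for the listed extensions.
<FilesMatch ".">
    Require all denied
</FilesMatch>
<FilesMatch "\.(?i:jpe?g|png|gif|webp|mp4|webm|mp3|ogg|pdf)$">
    Require all granted
</FilesMatch>
```

For the deny-list shape, extending the pattern to cover `phar` and `phtml` closes this specific gap, but the allow-list form is the one that stays correct when a new executable extension is added to the server's handler configuration. A quick check after deployment is to place a harmless text file named `probe.phar` in the directory and confirm the server returns 403 rather than interpreting it.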