Cyber Resilience

CVE-2025-50722

Tags: Critical · Public PoC · RCE

Published: 25 August 2025
Modified: 09 September 2025
KEV Added: not listed
Patch: none referenced
CVSS Score: 9.8 (v3.1) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0135 (80.5th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50722 is a critical-severity Command Injection (CWE-77) vulnerability in SparkShop (vendor: Sparkshop) version 1.1.7. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS score places it in the top 19.5% of CVEs by exploit likelihood, a public proof-of-concept is referenced, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation). Because the available references carry no vendor advisory or patch information, these are compensating controls rather than a substitute for a fix.

Deeper analysis

CVE-2025-50722 affects SparkShop version 1.1.7. The flaw resides in the Common.php component. The vulnerability description calls it an "Insecure Permissions" issue, while the assigned weakness is CWE-77 (Command Injection); the references available do not reconcile the two, so treat the CWE as the better indicator of the attack shape (attacker-controlled input reaching a command interpreter). It carries a CVSS 3.1 score of 9.8, reflecting a network attack vector, low attack complexity, and no required privileges or user interaction.

A remote, unauthenticated attacker can exploit the weakness to execute arbitrary code on the affected installation, resulting in full compromise of confidentiality, integrity, and availability. The EPSS score remains flat at 0.0135 with no material increase since disclosure.

The sole public reference is a technical document hosted on GitHub that describes the issue; no vendor advisory or patch information is provided in the available references. Absent a fixed version, operators should verify their deployed version against 1.1.7 and restrict network exposure of the application until the vendor publishes a fix.

Vulnerability details

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component

CWE(s)

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

A remote, unauthenticated command injection (CWE-77) in a public-facing PHP application directly enables T1190 (initial access through the exposed web application) and T1059.004 (execution of attacker-supplied commands through the Unix shell the application invokes).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-4048 (shared CWE-77)
- CVE-2026-31059 (shared CWE-77)
- CVE-2026-22284 (shared CWE-77)
- CVE-2024-39783 (shared CWE-77)
- CVE-2024-57583 (shared CWE-77)
- CVE-2026-46368 (shared CWE-77)
- CVE-2024-39781 (shared CWE-77)
- CVE-2024-39367 (shared CWE-77)
- CVE-2026-3518 (shared CWE-77)
- CVE-2024-57590 (shared CWE-77)

Affected Assets

- Vendor: sparkshop
- Product: sparkshop
- Version: 1.1.7

Mitigating Controls (NIST 800-53 r5)

- Prevent: Directly remediates the insecure permissions flaw in Common.php of sparkshop v1.1.7 that enables arbitrary code execution.
- Prevent (SI-10 Information Input Validation): Validates inputs to the Common.php component to prevent command injection exploits (CWE-77) leading to RCE.
- Prevent (AC-3 Access Enforcement): Enforces access controls on the Common.php component to mitigate insecure permissions allowing unauthenticated remote access and code execution.
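The following is an added example, not SparkShop's code and not taken from the referenced GitHub document: it shows the generic shape of a CWE-77 bug in a PHP request handler (the T1190 into T1059.004 path described under "Why these techniques?") next to the SI-10 input-validation pattern listed above. The function names, the `ping` use case and the test inputs are all hypothetical. Both functions only build a command string and never execute it, so the script is safe to run.

```php
<?php
// Added example (hypothetical, not SparkShop code): a CWE-77 command
// injection pattern beside a hardened version that applies SI-10
// (allowlist validation) plus shell quoting as defence in depth.
declare(strict_types=1);

// Vulnerable pattern: the request parameter is interpolated straight into
// a shell command line. Metacharacters in $host (";", "$(...)", "|") are
// interpreted by the shell, so "127.0.0.1; id" runs two commands.
function buildPingCommandUnsafe(string $host): string
{
    return "ping -c 1 " . $host;
}

// Hardened pattern: accept only an IP literal or a syntactically valid
// hostname, then quote the value for the shell. Returns null when the
// input is rejected, so the caller never reaches exec()/shell_exec().
function buildPingCommandSafe(string $host): ?string
{
    $isIp = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $hostnamePattern = '/^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
        . '(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/';
    $isHostname = preg_match($hostnamePattern, $host) === 1;

    if (!$isIp && !$isHostname) {
        return null;
    }

    // Even an allowlisted value is passed as one quoted argument, so it
    // cannot break out of its argument position if the allowlist is ever
    // loosened.
    return "ping -c 1 " . escapeshellarg($host);
}

// Constructed test inputs: one benign host and two classic injection
// payloads of the kind a T1190 exploit would send to a public-facing app.
$inputs = [
    "127.0.0.1",
    "127.0.0.1; id",
    "\$(cat /etc/passwd)",
];

foreach ($inputs as $input) {
    printf("input:  %s\n", $input);
    printf("  unsafe command: %s\n", buildPingCommandUnsafe($input));
    $safe = buildPingCommandSafe($input);
    printf("  safe command:   %s\n", $safe ?? "REJECTED by allowlist");
}
```

At the call site, the remaining step is to avoid handing a string to a shell at all: on PHP 7.4 and later, `proc_open()` accepts the command as an array of arguments, which bypasses the shell and removes the metacharacter problem entirely. The allowlist is still worth keeping, because it also blocks values that are valid shell arguments but wrong for the application (for example, an internal address the feature should never reach).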

References