Cyber Resilience

CVE-2025-52239

Severity: Critical

Published: 04 August 2025
Modified: 14 August 2025
CVSS v3.1 Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0106 (78.1 percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-52239 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Zkea ZKEACMS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.9% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2025-52239 is an arbitrary file upload vulnerability affecting ZKEACMS version 4.1 and is tracked under CWE-434. It carries a CVSS 3.1 base score of 9.8, reflecting a network-accessible attack vector that requires neither authentication nor user interaction.

The flaw permits unauthenticated remote attackers to upload a crafted file that results in arbitrary code execution on the server, granting complete control over confidentiality, integrity, and availability of the affected installation.

The provided references contain no advisory statements or patch guidance. The associated EPSS score remains flat at 0.0106 with no observed rise after disclosure.

Vulnerability details

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

An arbitrary file upload leading to remote code execution in a public-facing CMS maps directly to initial access via T1190 and to web shell deployment via T1505.003.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)
CVE-2025-32957 (shared CWE-434)

Affected Assets

zkea zkeacms 4.1

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly validates uploaded files to ensure consistency with expected safe content and types, preventing arbitrary code execution via crafted malicious files.

Prevent: Restricts file uploads to only permitted types and sources, blocking unauthenticated attackers from uploading dangerous files exploiting the vulnerability.

Prevent, detect: Scans and blocks malicious code in uploaded files using protection mechanisms, mitigating arbitrary code execution even if uploads occur.
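As an added defender-side example, not part of this record or of the ZKEACMS project, the following Python validator implements the first two controls above: an allowlist of permitted types, a check that the file content agrees with the declared extension, and rejection of unsafe or double-extension names. The allowed-type table, size limit and sample inputs are constructed for illustration.

```python
"""Upload validator demonstrating the CWE-434 mitigations listed above.

Constructed example: an allowlist of image types, a check that the file
content agrees with the declared extension, and rejection of unsafe names.
"""
import os
import re

# Permitted extensions and the leading magic bytes each must carry (constructed table).
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 5 * 1024 * 1024  # constructed size limit
_SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Anything not provably a permitted type is refused."""
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # Ignore any client-supplied directory components (both separator styles).
    base = os.path.basename(filename.replace("\\", "/"))
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    # Allowlist, not denylist: an unknown extension is refused outright.
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext or '(none)'} not permitted"
    # The stem must be a plain token, so double extensions such as "name.html.png" fail here.
    if not _SAFE_STEM.fullmatch(stem):
        return False, "unsafe base name"
    # SI-10: validate the bytes themselves, not just the label the client chose.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"
    return True, "ok"


def storage_name(filename: str) -> str:
    """Server-chosen name for an accepted file: random token plus the verified extension."""
    ext = os.path.splitext(filename)[1].lower()
    return os.urandom(16).hex() + ext
```

Storing accepted files under a server-generated name outside the web root, rather than under the client's name, removes the remaining path the client controls.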
