CVE-2025-52239
Published: 04 August 2025
Summary
CVE-2025-52239 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in ZKEACMS by Zkea. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2025-52239 is an arbitrary file upload vulnerability affecting ZKEACMS version 4.1 and is tracked under CWE-434. It carries a CVSS 3.1 base score of 9.8, reflecting a network attack vector with low attack complexity that requires neither privileges nor user interaction and has high impact on confidentiality, integrity and availability.
The flaw permits unauthenticated remote attackers to upload a crafted file that results in arbitrary code execution on the server, granting complete control over confidentiality, integrity, and availability of the affected installation.
The provided references contain no vendor advisory or patch guidance. The EPSS score is 0.0106 (roughly a 1% estimated probability of exploitation activity within the next 30 days) and has not risen since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23546
Vulnerability details
An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.
- CWE(s): CWE-434 Unrestricted Upload of File with Dangerous Type
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
- T1505.003 Server Software Component: Web Shell
Why these techniques?
Arbitrary file upload RCE in public-facing CMS directly maps to initial access via T1190 and web shell deployment via T1505.003.
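The T1190 to T1505.003 chain leaves a characteristic trace in web server access logs: a client POSTs to the upload endpoint and shortly afterwards fetches a server-side script from the directory where uploads are served. The following detection logic is an added example, not part of this page or of ZKEACMS; the log lines are constructed, and the /upload route and /uploads/ directory are assumptions rather than actual ZKEACMS paths.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Common/combined log format: client, [timestamp], "METHOD path proto", status, bytes.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

UPLOAD_ENDPOINT = "/upload"   # assumed upload route, not a ZKEACMS path
UPLOAD_DIR = "/uploads/"      # assumed web-served directory for uploaded files
# Server-side script extensions that should never be served from an upload directory.
SCRIPT_EXT = re.compile(r"\.(aspx|ashx|asmx|cshtml|php|jsp)(?:$|[?;])", re.IGNORECASE)

# Constructed sample: one client uploads and then fetches cmd.aspx (the chain),
# one uploads a harmless image, one probes for a script that was never written.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Aug/2025:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [05/Aug/2025:10:00:05 +0000] "POST /upload HTTP/1.1" 200 88
203.0.113.7 - - [05/Aug/2025:10:00:09 +0000] "GET /uploads/cmd.aspx?c=whoami HTTP/1.1" 200 1420
198.51.100.3 - - [05/Aug/2025:10:01:00 +0000] "POST /upload HTTP/1.1" 200 88
198.51.100.3 - - [05/Aug/2025:10:01:03 +0000] "GET /uploads/summer.jpg HTTP/1.1" 200 80234
192.0.2.9 - - [05/Aug/2025:10:02:00 +0000] "GET /uploads/old.aspx HTTP/1.1" 404 0
"""


def parse_log(text: str) -> List[dict]:
    """Parse access-log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
        ev["status"] = int(ev["status"])
        events.append(ev)
    return events


def find_webshell_chains(text: str, window: timedelta = timedelta(minutes=10)) -> List[dict]:
    """One finding per successful GET of a server-side script under the upload
    directory that the same client preceded with an upload inside `window`.
    A 404 is not a finding: the file was never written, or was already removed."""
    events = parse_log(text)
    uploads: Dict[str, List[datetime]] = {}
    for ev in events:
        if ev["method"] == "POST" and ev["path"].split("?")[0] == UPLOAD_ENDPOINT \
                and 200 <= ev["status"] < 400:
            uploads.setdefault(ev["ip"], []).append(ev["ts"])
    findings = []
    for ev in events:
        if ev["method"] != "GET" or not ev["path"].startswith(UPLOAD_DIR):
            continue
        if not SCRIPT_EXT.search(ev["path"]) or not 200 <= ev["status"] < 300:
            continue
        prior = [t for t in uploads.get(ev["ip"], []) if timedelta(0) <= ev["ts"] - t <= window]
        if prior:
            findings.append({"ip": ev["ip"], "uploaded_at": max(prior).isoformat(),
                             "shell_path": ev["path"], "served_at": ev["ts"].isoformat()})
    return findings


if __name__ == "__main__":
    for finding in find_webshell_chains(SAMPLE_LOG):
        print(finding)
```

On the sample, only 203.0.113.7 is reported: 198.51.100.3 fetched an image, and 192.0.2.9 requested a script that returned 404. A successful request for any server-executable file under the upload directory is worth a lower-confidence alert on its own, since the upload could have arrived from a different source address than the one that later uses the shell.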
Affected Assets
- ZKEACMS v4.1
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation) directly validates uploaded files to ensure consistency with expected safe content and types, preventing arbitrary code execution via crafted malicious files.
- A complementary upload allowlist restricts file uploads to only permitted types and sources, blocking unauthenticated attackers from uploading dangerous files that exploit the vulnerability.
- SI-3 (Malicious Code Protection) scans and blocks malicious code in uploaded files, mitigating arbitrary code execution even if an upload succeeds.
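What the SI-10 control amounts to in an upload handler is shown below: the client-supplied filename and Content-Type are treated as untrusted, the extension is checked against an allowlist (not a denylist), the file signature must match that extension, and the stored name is chosen by the server. This is an added example written for this page, not ZKEACMS code, and it does not mirror the CMS's actual upload handler; the vulnerable helper illustrates the CWE-434 anti-pattern described in the flaw above.

```python
import os
import posixpath
import re
import secrets
from dataclasses import dataclass

# Allowlist: permitted extension -> accepted file signatures (magic bytes).
# Anything not listed is rejected regardless of the Content-Type the client sent.
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
# Server-executable extensions that must never appear anywhere in an uploaded name.
DANGEROUS_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".cshtml", ".php", ".jsp",
                        ".exe", ".dll", ".config"}
# Content markers for server-side script smuggled inside an "image" (polyglots).
SCRIPT_MARKERS = (b"<%", b"<?php", b'<script runat="server"')
MAX_UPLOAD_BYTES = 5 * 1024 * 1024
# One path component, alphanumeric start, no separators, NULs, spaces or ';'.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


@dataclass
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""   # server-chosen name; empty when rejected


def vulnerable_destination(upload_dir: str, client_filename: str) -> str:
    """The CWE-434 anti-pattern: the client controls the extension and, via
    '../', the directory. Shown for contrast only; never use this."""
    return posixpath.normpath(posixpath.join(upload_dir, client_filename))


def validate_upload(client_filename: str, data: bytes) -> Verdict:
    """Allowlist-based validation of one uploaded file (SI-10 in practice)."""
    if len(data) == 0 or len(data) > MAX_UPLOAD_BYTES:
        return Verdict(False, "size out of bounds")
    # Keep only the last path component so '../../web.config' cannot pick a directory.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not SAFE_NAME.fullmatch(base):
        return Verdict(False, "filename contains disallowed characters")
    lowered = base.lower()
    ext = os.path.splitext(lowered)[1]
    if ext not in ALLOWED_TYPES:
        return Verdict(False, f"extension {ext!r} not in allowlist")
    # Reject double extensions (shell.aspx.png): some handlers key off inner segments.
    inner = {"." + seg for seg in lowered.split(".")[1:-1]}
    if inner & DANGEROUS_EXTENSIONS:
        return Verdict(False, "executable extension embedded in filename")
    if not any(data.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        return Verdict(False, "file signature does not match extension")
    if any(marker in data for marker in SCRIPT_MARKERS):
        return Verdict(False, "server-side script markers in content")
    # The server picks the stored name; nothing from the client survives into it.
    return Verdict(True, "ok", secrets.token_hex(16) + ext)


if __name__ == "__main__":
    # Constructed inputs: a web shell, a traversal attempt, a polyglot and a real PNG.
    for name, body in [("shell.aspx", b'<%@ Page Language="C#" %>'),
                       ("../../web.config", b"<configuration/>"),
                       ("photo.jpg", b"\xff\xd8\xff" + b'<% eval(Request["x"]) %>'),
                       ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)]:
        print(name, validate_upload(name, body))
```

Accepted files should still be written outside the web root (or into a location the server will not execute) under the generated name, and passed to the SI-3 scanner before being published; the validation above narrows what reaches the scanner rather than replacing it.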