CVE-2025-52385
Published: 13 August 2025
Summary
CVE-2025-52385 is a critical-severity Code Injection (CWE-94) vulnerability in Mitre (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 14.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-52385 affects Studio 3T versions 2025.1.0 and earlier. The flaw is an instance of CWE-94 that permits remote code execution when a crafted payload is supplied to the child_process module, producing a CVSS 3.1 base score of 9.8.
A remote attacker can send the malicious payload over the network, with no authentication or user interaction required, and obtain arbitrary code execution on the target system, resulting in full compromise of confidentiality, integrity, and availability.
Public references consist of CWE definitions together with a proof-of-concept repository and the upstream RoboMongo project page; none of the listed sources describes patches or mitigation steps.
EPSS remains flat at 0.0248 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24619
Vulnerability details
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote code execution via crafted payload on publicly accessible application (CWE-94 code injection, no auth required).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Requires timely identification, reporting, and correction of flaws like the code injection vulnerability in Studio 3T's child_process module to prevent remote arbitrary code execution.
- Enforces information input validation at system interfaces to block crafted payloads that enable code injection via the child_process module.
- Deploys malicious code protection mechanisms at entry points to detect and prevent arbitrary code execution from injected payloads.