Cyber Posture

CVE-2025-5243

Critical · RCE

Published: 24 July 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: see vendor advisory
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0055 (68.1st percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-5243 is a critical-severity OS Command Injection (CWE-78) vulnerability in a product recorded here as "Gov" (inferred from references; the NVD description names the SMG Software Information Portal). Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 31.9% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Web Shell (T1505.003). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Directly validates and sanitizes file uploads and OS command inputs to block unrestricted uploads of dangerous types and command injection exploits.
- prevent: Enforces restrictions on file types and input parameters at web upload interfaces to prevent acceptance of dangerous files leading to web shells.
- prevent: Requires timely patching of the vulnerable Information Portal software versions prior to 13.06.2025 to remediate the unrestricted upload and OS command injection flaws.

MITRE ATT&CK Enterprise Techniques [AI-generated]

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

The unrestricted file upload combined with OS command injection directly enables remote exploitation of the public-facing web application (T1190) to upload and execute a web shell (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025.

Deeper analysis [AI-generated]

CVE-2025-5243 is an Unrestricted Upload of File with Dangerous Type combined with Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in the SMG Software Information Portal. This issue, linked to CWE-78 and CWE-434, affects versions of the Information Portal prior to 13.06.2025. It enables code injection, uploading a web shell to a web server, and code inclusion.

The vulnerability carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H): it is exploitable over the network by unauthenticated attackers, with low attack complexity and no user interaction required. Successful exploitation has high impact on confidentiality, integrity, and availability, with a change in scope; an attacker can inject code, upload a web shell, and achieve code inclusion, which amounts to full server compromise.
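The two weaknesses this CVE chains (CWE-434 and CWE-78) correspond to the SI-10 input-validation control listed above. The following is an added illustration of what that control looks like in an upload handler; it is example code, not SMG Software's, and it assumes a portal that stores uploads under a directory and runs a post-processing tool (here `convert`, assumed) on the stored file.

```python
"""Hardened upload handling for the CWE-434 + CWE-78 pattern of CVE-2025-5243.
Example code; the allowlist, magic bytes and the 'convert' step are assumptions."""
import os
import re
from pathlib import Path
from typing import List, Optional

# Allowlist of extensions the portal legitimately accepts (assumed).
ALLOWED_EXT = {".pdf", ".png", ".jpg"}
# Leading bytes per allowed type: a script renamed to .png is refused on content.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff"}
# Stem may only contain characters that are harmless in paths and commands.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, content: bytes) -> Optional[str]:
    """Return the sanitised name to store the file under, or None to reject.

    Rejects (CWE-434): extensions off the allowlist, double extensions such as
    shell.php.png (the stem would contain '.'), names with shell metacharacters,
    and content whose leading bytes do not match the claimed type.
    Directory components are dropped, so ../ traversal is neutralised too.
    """
    base = Path(filename).name
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_EXT or not SAFE_STEM.fullmatch(stem):
        return None
    if not content.startswith(MAGIC[ext]):
        return None
    return stem + ext


def build_postprocess_argv(stored_name: str, upload_dir: str) -> List[str]:
    """Build the post-processing command as an argv list (CWE-78 mitigation).

    Passing this list to subprocess.run(argv) with the default shell=False means
    no shell ever parses the file name, so characters like ';' or '$(' in an
    attacker-chosen name can never become a second command. Never build this as
    a single string for shell=True.
    """
    path = os.path.join(upload_dir, stored_name)
    return ["convert", path, "-strip", path]
```

Only names that pass `validate_upload` should reach `build_postprocess_argv`; together the two checks close both halves of the chain the advisory describes.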

Mitigation details are available in the advisory published by USOM at https://www.usom.gov.tr/bildirim/tr-25-0174.

Details

CWE(s): CWE-78 (OS Command Injection), CWE-434 (Unrestricted Upload of File with Dangerous Type)

Affected Products

Gov (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

- CVE-2025-67164: shared CWE-434, CWE-78
- CVE-2025-68909: shared CWE-434
- CVE-2026-32524: shared CWE-434
- CVE-2025-69559: shared CWE-434
- CVE-2025-54944: shared CWE-434
- CVE-2025-5061: shared CWE-434
- CVE-2025-55267: shared CWE-434
- CVE-2025-7441: shared CWE-434
- CVE-2023-53952: shared CWE-434
- CVE-2025-15226: shared CWE-434

References