Cyber Resilience

CVE-2025-54816

Critical

Published: 22 January 2026

Published
22 January 2026
Modified
02 February 2026
KEV Added
Patch
CVSS Score v3.1 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS Score 0.0042 33.4th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-54816 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Evmapa Evmapa. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-17 (Remote Access).

Deeper analysis

CVE-2025-54816 is a vulnerability in a WebSocket endpoint that does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. Published on 2026-01-22, it is associated with CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). The issue enables attackers to gain unauthorized access to sensitive data or perform unauthorized actions, potentially leading to privilege escalation and compromise of the entire system.

The vulnerability can be exploited by any remote attacker with network access, requiring low complexity, no privileges, no user interaction, and no special scoping changes. Successful exploitation grants high confidentiality and integrity impacts with low availability impact, allowing unauthorized connections that expose sensitive data, enable unauthorized actions, escalate privileges, and threaten overall system security.

Mitigation details are provided in CISA advisory ICSA-26-022-08, available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08 and the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that…

more

no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Missing authentication on public WebSocket endpoint directly enables remote exploitation of a public-facing application for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-55705Same product: Evmapa Evmapa
CVE-2025-53968Same product: Evmapa Evmapa
CVE-2026-4810Shared CWE-306
CVE-2025-53847Shared CWE-306
CVE-2025-61757Shared CWE-306
CVE-2025-68715Shared CWE-306
CVE-2026-21992Shared CWE-306
CVE-2025-26362Shared CWE-306
CVE-2026-48692Shared CWE-306
CVE-2022-50981Shared CWE-306

Affected Assets

evmapa
evmapa
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-14 explicitly defines and restricts actions permitted without identification or authentication, directly preventing unauthorized WebSocket connections due to missing authentication enforcement.

prevent

AC-3 enforces approved access authorizations in the system, ensuring authentication is required before allowing connections to the vulnerable WebSocket endpoint.

prevent

AC-17 authorizes, monitors, and controls remote access sessions, mitigating unauthorized remote connections to the WebSocket endpoint over the network.

References