Cyber Posture

CVE-2025-54944

Critical

Published: 30 August 2025

Modified: 30 January 2026
KEV Added: not listed
Patch: none listed on this page
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0022 (44.5th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-54944 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Sun.Net Ehrd Ctms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks at the 44.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Web Shell (T1505.003) and one other technique, Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly prevents unrestricted uploads of dangerous file types by enforcing input validation of file extensions, MIME types, and contents at entry points like the training system's upload feature.

SI-2 Flaw Remediation (prevent)

Remediates the specific flaw in SUNNET Corporate Training Management System versions before 10.11 by applying vendor patches or upgrades to eliminate the upload vulnerability.

Malicious code scanning (prevent, detect)

Scans uploaded files for malicious code in real time or periodically, blocking or detecting dangerous executables that could lead to arbitrary code execution on the server.
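The SI-10 control above is the one a developer can act on directly. The following is an added illustration (not code from the page, the vendor, or SUNNET's product) of a server-side upload gate that enforces all three checks the control names: an extension allowlist, a declared-MIME match, and a magic-byte check of the contents, plus two hardenings that address the "write malicious code in a specific file" failure mode, namely rejecting client-supplied path components and storing the file under a server-chosen random name. The allowlist, size limit, marker list and sample inputs are all constructed assumptions for a generic upload handler.

```python
import secrets

# Constructed allowlist: extension -> (expected declared MIME type, accepted magic-byte prefixes).
# Anything not listed here is rejected, so server-executable types can never be added by accident.
ALLOWED_TYPES = {
    "png": ("image/png", (b"\x89PNG\r\n\x1a\n",)),
    "jpg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "jpeg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "pdf": ("application/pdf", (b"%PDF-",)),
}

MAX_BYTES = 5 * 1024 * 1024  # assumed size limit for this example

# Constructed markers of server-side code that have no business inside an image or PDF upload;
# catches "polyglot" files that carry a valid magic header followed by script.
EXECUTABLE_MARKERS = (b"<?php", b"<%", b"<script")


def validate_upload(filename, declared_mime, content):
    """Return (ok, reason). Every check is an allowlist check; the default is rejection."""
    if len(content) > MAX_BYTES:
        return False, "too large"
    # Client-supplied names must not steer where the file lands on disk.
    if any(ch in filename for ch in ("/", "\\", "\x00")) or filename in ("", ".", ".."):
        return False, "path components in filename"
    parts = filename.lower().split(".")
    # Exactly one extension: rejects "shell.php.png"-style double extensions and bare names.
    if len(parts) != 2 or not parts[0]:
        return False, "filename must have exactly one extension"
    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowed"
    expected_mime, magics = ALLOWED_TYPES[ext]
    if declared_mime.lower() != expected_mime:
        return False, "declared MIME type does not match extension"
    # The declared type is attacker-controlled; the bytes are what the server will actually serve.
    if not any(content.startswith(m) for m in magics):
        return False, "file contents do not match extension"
    if any(marker in content for marker in EXECUTABLE_MARKERS):
        return False, "embedded server-side code markers"
    return True, "ok"


def storage_name(filename):
    """Server-chosen on-disk name: random token plus the validated extension, never the client's name."""
    ext = filename.lower().rsplit(".", 1)[1]
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SCRIPT = b"<?php /* constructed placeholder */ ?>"


def run_samples():
    """Exercise the gate against a benign upload and several rejected shapes; returns {label: reason}."""
    cases = {
        "benign png": ("photo.png", "image/png", SAMPLE_PNG),
        "script extension": ("upload.php", "application/x-php", SAMPLE_SCRIPT),
        "double extension": ("photo.png.php", "image/png", SAMPLE_PNG),
        "wrong magic": ("fake.png", "image/png", SAMPLE_SCRIPT),
        "polyglot": ("poly.png", "image/png", SAMPLE_PNG + SAMPLE_SCRIPT),
        "path traversal": ("../photo.png", "image/png", SAMPLE_PNG),
    }
    return {label: validate_upload(*args)[1] for label, args in cases.items()}


if __name__ == "__main__":
    for label, reason in run_samples().items():
        print(f"{label:18} -> {reason}")
```

The order of checks matters only for the reason string; every branch fails closed. Note that a MIME check on its own is worthless here, since the declared type arrives from the client, which is why the magic-byte and marker checks sit behind it.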

MITRE ATT&CK Enterprise Techniques

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Unrestricted file upload in a public-facing web application (T1190: Exploit Public-Facing Application) enables attackers to deploy web shells or malicious code files for remote code execution (T1505.003: Web Shell).

NVD Description

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

Deeper analysis

CVE-2025-54944 is an unrestricted upload of file with dangerous type vulnerability, classified under CWE-434, affecting the SUNNET Corporate Training Management System in versions before 10.11. This flaw enables remote attackers to upload malicious files, allowing them to write code to a specific file on the server, which may result in arbitrary code execution. Published on 2025-08-30, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high impact and ease of exploitation.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants high-level impacts on confidentiality, integrity, and availability, primarily through arbitrary code execution on the targeted system.

The advisory at https://zuso.ai/advisory/za-2025-12 provides further details on mitigation strategies for this vulnerability.

Details

CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)

Affected Products: Sun.Net Ehrd Ctms, versions ≤ 10.11

CVEs Like This One

CVE-2025-54942 (same product: Sun.Net Ehrd Ctms)
CVE-2025-15226 (same vendor: Sun.Net)
CVE-2020-36942 (shared CWE-434)
CVE-2024-57169 (shared CWE-434)
CVE-2023-53933 (shared CWE-434)
CVE-2025-68909 (shared CWE-434)
CVE-2021-47757 (shared CWE-434)
CVE-2025-68986 (shared CWE-434)
CVE-2025-56704 (shared CWE-434)
CVE-2025-0471 (shared CWE-434)