Cyber Resilience

CVE-2025-54944

Medium

Published: 30 August 2025

Modified: 30 January 2026
CVSS v4 score: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0027 (50.7th percentile)
Risk priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-54944 is a medium-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Sun.Net Ehrd Ctms. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks in the top 49.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-54944 is an unrestricted upload of file with dangerous type vulnerability, classified under CWE-434, affecting the SUNNET Corporate Training Management System in versions before 10.11. This flaw enables remote attackers to upload malicious files, allowing them to write code to a specific file on the server, which may result in arbitrary code execution. Published on 2025-08-30, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high impact and ease of exploitation.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants high-level impacts on confidentiality, integrity, and availability, primarily through arbitrary code execution on the targeted system.

The advisory at https://zuso.ai/advisory/za-2025-12 provides further details on mitigation strategies for this vulnerability.

Vulnerability details

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

CWE(s): CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques

T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unrestricted file upload in a public-facing web application (T1190: Exploit Public-Facing Application) lets attackers deploy web shells or other malicious code files that give them remote code execution (T1505.003: Web Shell).

CVEs Like This One

CVE-2026-7490 (same product: Sun.Net Ehrd Ctms)
CVE-2025-54942 (same product: Sun.Net Ehrd Ctms)
CVE-2026-7489 (same product: Sun.Net Ehrd Ctms)
CVE-2025-15226 (same vendor: Sun.Net)
CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)

Affected Assets

Vendor: sun.net
Product: ehrd ctms
Versions: ≤ 10.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly prevents unrestricted uploads of dangerous file types by enforcing input validation of file extensions, MIME types, and contents at entry points like the training system's upload feature.

SI-2 Flaw Remediation (prevent)

Remediates the specific flaw in SUNNET Corporate Training Management System versions before 10.11 by applying vendor patches or upgrades to eliminate the upload vulnerability.

Scanning of uploaded files (prevent, detect)

Scans uploaded files for malicious code in real time or periodically, blocking or detecting dangerous executables that could lead to arbitrary code execution on the server.
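As an added illustration of the input-validation and upload-scanning controls described above (this is example code, not code from SUNNET, the advisory or this site), the Python below applies the checks the controls describe to a file upload: an extension allowlist, agreement between the claimed type and the file's magic bytes, a content scan for server-side script markers, and a server-chosen stored name. The allowlisted types, size cap and marker list are assumptions for the example.

```python
import secrets
from typing import NamedTuple

MAX_BYTES = 20 * 1024 * 1024  # 20 MiB cap; an assumed limit for the example

# Allowlisted extensions mapped to the magic bytes the content must start with.
# Script and executable types are simply absent from the map and therefore refused.
ALLOWED_TYPES = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Server-side script openers that have no business inside a document or image upload.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%")


class Verdict(NamedTuple):
    accepted: bool
    reason: str
    stored_name: str  # server-generated name; empty when the upload is rejected


def validate_upload(filename: str, data: bytes) -> Verdict:
    """Decide whether an uploaded file may be stored, and under which name."""
    # 1. Never trust the client-supplied path: refuse separators, NUL bytes, hidden names.
    if not filename or filename.startswith(".") or any(c in filename for c in "/\\\x00"):
        return Verdict(False, "unsafe filename", "")
    # 2. Enforce the size cap before inspecting content.
    if len(data) > MAX_BYTES:
        return Verdict(False, "file too large", "")
    # 3. Extension allowlist: only the final extension counts, compared lower-cased.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_TYPES:
        return Verdict(False, f"extension not allowed: {ext or '(none)'}", "")
    # 4. Magic bytes must agree with the claimed type (catches a renamed script file).
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return Verdict(False, "content does not match extension", "")
    # 5. Content scan: a valid-looking header with embedded server code is still refused.
    if any(marker in data for marker in SCRIPT_MARKERS):
        return Verdict(False, "embedded script marker", "")
    # 6. Store under a random server-chosen name so the client name never reaches disk.
    return Verdict(True, "ok", f"{secrets.token_hex(16)}.{ext}")
```

A rejection at step 4 or 5 is the event worth logging and alerting on, since a type mismatch or embedded script opener in a document upload is the pattern that precedes a web shell being written.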