CVE-2025-54944
Published: 30 August 2025
Summary
CVE-2025-54944 is a medium-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Sun.Net Ehrd Ctms. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003); ranked in the top 49.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-54944 is an unrestricted upload of file with dangerous type vulnerability, classified under CWE-434, affecting the SUNNET Corporate Training Management System in versions before 10.11. This flaw enables remote attackers to upload malicious files, allowing them to write code to a specific file on the server, which may result in arbitrary code execution. Published on 2025-08-30, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high impact and ease of exploitation.
Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants high-level impacts on confidentiality, integrity, and availability, primarily through arbitrary code execution on the targeted system.
The advisory at https://zuso.ai/advisory/za-2025-12 provides further details on mitigation strategies for this vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-26257
Vulnerability details
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted file upload in a public-facing web application (T1190: Exploit Public-Facing Application) enables attackers to deploy web shells or malicious code files for remote code execution (T1100: Web Shell).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents unrestricted uploads of dangerous file types by enforcing input validation of file extensions, MIME types, and contents at entry points such as the training system's upload feature.
- SI-2 (Flaw Remediation): Remediates the specific flaw in SUNNET Corporate Training Management System versions before 10.11 by applying vendor patches or upgrades to eliminate the upload vulnerability.
- Scans uploaded files for malicious code in real time or periodically, blocking or detecting dangerous executables that could lead to arbitrary code execution on the server.
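As an added example (not code from the advisory or from the SUNNET product), the following Python upload gate implements the SI-10 input-validation control described above: an extension allowlist, a check that the declared content type matches the extension, a check of the file's leading bytes against the expected signature, and a server-generated storage name so the client-supplied filename never reaches the filesystem. The allowed types and signatures are assumed for illustration.

```python
import os
import uuid
from typing import NamedTuple, Optional

# Assumed allowlist: permitted extension -> magic bytes the content must start with.
ALLOWED = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
}
# Declared Content-Type values accepted for each extension.
DECLARED = {
    ".pdf": {"application/pdf"},
    ".png": {"image/png"},
    ".jpg": {"image/jpeg"},
}


class Verdict(NamedTuple):
    accepted: bool
    reason: str
    stored_name: Optional[str] = None


def validate_upload(filename: str, content_type: str, data: bytes) -> Verdict:
    """Decide whether an upload may be stored; never trust the client's name or type alone."""
    # Keep only the base name so path segments in the client name cannot leave the upload directory.
    base = os.path.basename(filename.replace("\\", "/"))
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    # Conservative choice: reject double extensions like "report.php.pdf" outright.
    if "." in root:
        return Verdict(False, "multiple extensions")
    if ext not in ALLOWED:
        return Verdict(False, f"extension {ext!r} not allowed")
    declared = content_type.split(";")[0].strip().lower()
    if declared not in DECLARED[ext]:
        return Verdict(False, "declared content type does not match extension")
    # Check the bytes themselves: a script renamed to .pdf will not carry the PDF signature.
    if not data.startswith(ALLOWED[ext]):
        return Verdict(False, "file contents do not match declared type")
    # Store under a random server-generated name with the validated extension.
    return Verdict(True, "ok", f"{uuid.uuid4().hex}{ext}")
```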