Cyber Resilience

CVE-2025-55835

CriticalPublic PoC

Published: 12 September 2025

Published
12 September 2025
Modified
16 October 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0187 83.5th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55835 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Sueamcms Project Sueamcms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 16.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-55835 is a file upload vulnerability in SueamCMS version 0.1.2 that stems from missing input filtering. The flaw is tracked under CWE-434 and carries a CVSS 3.1 base score of 9.8, reflecting network-accessible attack conditions with no required credentials or user interaction and full impact on confidentiality, integrity, and availability.

A remote attacker can send a crafted file upload request directly to an affected SueamCMS instance and achieve arbitrary code execution on the server. Because the vulnerability requires no authentication, any internet-reachable deployment is exposed to unauthenticated exploitation that can result in complete system compromise.

The EPSS score remains flat at 0.0187 with no material increase after disclosure. Public references consist of the vendor site and a single technical report but contain no advisory details on patches or mitigation steps.

EU & UK References

Vulnerability details

File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload (CWE-434) in a public-facing CMS directly enables remote exploitation (T1190) and web shell deployment for arbitrary code execution (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-46384Shared CWE-434
CVE-2025-13516Shared CWE-434
CVE-2024-13011Shared CWE-434
CVE-2025-8323Shared CWE-434
CVE-2025-21624Shared CWE-434
CVE-2026-35164Shared CWE-434
CVE-2026-2097Shared CWE-434
CVE-2025-12154Shared CWE-434
CVE-2026-42748Shared CWE-434
CVE-2025-32957Shared CWE-434

Affected Assets

sueamcms project
sueamcms
0.1.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 mandates validation of information inputs, directly addressing the lack of filtering that enables unrestricted upload of dangerous file types leading to arbitrary code execution.

prevent

SI-2 requires timely flaw remediation, preventing exploitation of the specific file upload vulnerability in SueamCMS v0.1.2.

preventdetect

SI-3 deploys malicious code protection mechanisms to block or detect execution of dangerous files uploaded through the unfiltered endpoint.

References