CVE-2025-58443
Published: 06 September 2025
Summary
CVE-2025-58443 is a critical-severity Improper Authentication (CWE-287) vulnerability in Fogproject Fogproject. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-14 explicitly prohibits sensitive actions like unauthenticated database dumps by defining and restricting permitted actions without identification or authentication.
AC-3 enforces approved authorizations for access to system resources, directly preventing unauthorized extraction of the full SQL database.
SI-2 requires timely identification, reporting, and correction of flaws such as this authentication bypass via patching or upgrades.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authentication bypass in public-facing FOG server directly enables remote exploitation to dump database contents without credentials.
NVD Description
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials.…
more
A fix is expected to be released 9/15/2025. To address this vulnerability immediately, upgrade to the latest version of either the dev-branch or working-1.6 branch. This will patch the issue for users concerned about immediate exposure. See the FOG Project documentation for step-by-step upgrade instructions: https://docs.fogproject.org/en/latest/install-fog-server#choosing-a-fog-version.
Deeper analysisAI
CVE-2025-58443 is an authentication bypass vulnerability affecting FOG, a free open-source cloning, imaging, rescue suite, and inventory management system. The issue impacts versions 1.5.10.1673 and below, stemming from CWE-287 (Improper Authentication) and CWE-306 (Missing Authentication for Critical Function). It enables attackers to perform an unauthenticated database dump, extracting the full SQL database without credentials. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high confidentiality and integrity impacts over the network.
Any remote attacker with network access to a vulnerable FOG instance can exploit this without privileges, user interaction, or high complexity. Successful exploitation allows dumping the entire SQL database, potentially exposing sensitive inventory data, user credentials, or configuration details stored within, and enabling integrity violations such as data tampering in certain scenarios.
The FOG Project advisory recommends immediate mitigation by upgrading to the latest version of the dev-branch or working-1.6 branch, which patches the issue. A stable fix is expected on September 15, 2025. Detailed upgrade instructions are available in the FOG Project documentation at https://docs.fogproject.org/en/latest/install-fog-server#choosing-a-fog-version. Additional details are in the GitHub security advisory at https://github.com/FOGProject/fogproject/security/advisories/GHSA-mvwm-9m2h-87p9.
Details
- CWE(s)