Cyber Resilience

CVE-2025-59304

Severity: Critical · Public PoC available

Published: 17 September 2025
Modified: 08 October 2025
KEV Added: not listed
Patch: not recorded
CVSS Score (v3.1): 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0455 (89.4th percentile)
Risk Priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-59304 is a critical-severity Path Traversal (CWE-22) vulnerability in Swetrix (vendor Swetrix, the Swetrix Web Analytics API). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 10.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A directory traversal vulnerability, tracked as CVE-2025-59304 and assigned CWE-22, affects the Swetrix Web Analytics API in version 3.1.1 prior to commit 7d8b972. The flaw permits remote code execution when an attacker supplies a crafted HTTP request that manipulates file paths; its CVSS 3.1 base score is 9.8.

Unauthenticated attackers reachable over the network can exploit the issue without user interaction to obtain full control over the affected API instance, including arbitrary code execution that impacts confidentiality, integrity, and availability. The referenced GitHub pull request 397 implements the corrective patch, while an accompanying technical analysis describes the underlying file-upload vector and the automated remediation steps applied.

EPSS for the CVE rose from lower values after public disclosure to a peak of 0.0779 on 2026-02-03 before receding to the current 0.0455, indicating measurable post-disclosure exploitation interest that warrants continued monitoring by defenders.

Vulnerability details

A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a crafted HTTP request.

CWE(s): CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Directory traversal in the file-upload handler allows remote code execution by overwriting server files (e.g., entrypoint.js with a reverse shell), which is exploitation of a public-facing web application.

CVEs Like This One

CVE-2025-64075 (shared CWE-22)
CVE-2024-53537 (shared CWE-22)
CVE-2024-36512 (shared CWE-22)
CVE-2025-0493 (shared CWE-22)
CVE-2025-70231 (shared CWE-22)
CVE-2026-43888 (shared CWE-22)
CVE-2025-15031 (shared CWE-22)
CVE-2026-25785 (shared CWE-22)
CVE-2025-11366 (shared CWE-22)
CVE-2026-1810 (shared CWE-22)

Affected Assets

Vendor: swetrix
Product: swetrix
Versions: ≤ 4.0.0

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: SI-2 (Flaw Remediation) requires timely flaw remediation, directly addressing this directory traversal vulnerability by applying the available patch from commit 7d8b972.

Prevent: SI-10 (Information Input Validation) mandates validation of information inputs such as HTTP request parameters, preventing directory traversal attacks that lead to RCE in the Swetrix API.

Prevent / Detect: SC-7 (Boundary Protection) enforces boundary protection via firewalls or WAFs that can filter and block crafted HTTP requests exploiting the directory traversal vulnerability.
