Cyber Resilience

CVE-2025-61196

Severity: High · Type: RCE

Published: 30 October 2025
Modified: 15 April 2026
KEV Added: none (not listed in the CISA KEV catalog)
Patch: none recorded
CVSS v3.1 Score: 8.8 (vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (64.5th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-61196 is a high-severity Code Injection (CWE-94) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 35.5% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-61196 is a code injection vulnerability (CWE-94) in BusinessNext CRMnext version 10.8.3.0. The flaw allows a remote attacker to execute arbitrary code via the comments input parameter. It carries a CVSS v3.1 base score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity because of the scope of its potential impact.

A remote attacker with low privileges, such as an authenticated user, can exploit the vulnerability over the network with low attack complexity and without requiring user interaction. Successful exploitation enables arbitrary code execution on the affected system, resulting in high impacts to confidentiality, integrity, and availability.

References for further details, including potential exploitation information, are provided in the GitHub repository at https://github.com/zsamamah/CVE-2025-61196/blob/main/CVE-2025-61196.md. No vendor-specific patches or mitigation guidance are detailed in the available information.

EU & UK References

Vulnerability details

An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a code injection flaw in a public-facing CRM web application (BusinessNext CRMnext) that enables remote arbitrary code execution, which maps directly to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-13773 (shared CWE-94)
CVE-2025-50692 (shared CWE-94)
CVE-2026-30643 (shared CWE-94)
CVE-2026-30460 (shared CWE-94)
CVE-2025-71243 (shared CWE-94)
CVE-2026-44262 (shared CWE-94)
CVE-2024-13792 (shared CWE-94)
CVE-2020-37052 (shared CWE-94)
CVE-2026-42555 (shared CWE-94)
CVE-2025-65037 (shared CWE-94)

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

Prevent · SI-10 (Information Input Validation)
Directly mitigates the code injection vulnerability by requiring validation and sanitization of untrusted inputs such as the comments parameter, so that attacker-supplied content cannot reach a code-execution path.

Prevent · SI-2 (Flaw Remediation)
Addresses the root cause by requiring timely identification, reporting, and remediation of the specific code injection flaw in CRMnext v.10.8.3.0.

Prevent
Provides defense-in-depth protection against execution of injected code via memory protections such as non-executable memory regions.

References