Cyber Resilience

CVE-2025-6335

Severity: Low · Public PoC available

Published 20 June 2025
Modified 29 April 2026
KEV Added not listed (not in the CISA KEV catalog)
Patch none referenced
CVSS Score (v4.0) 2.0
CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0102 (77.6th percentile)
Risk Priority 5 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-6335 is a low-severity injection (CWE-74) vulnerability in DedeCMS. Its CVSS v4.0 base score is 2.0 (Low).

Operationally, exploitation maps to the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The EPSS score places it in the top 22.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

CVE-2025-6335 affects DedeCMS versions up to 5.7.2 and sits in the Template Handler component, in the file /include/dedetag.class.php. The flaw is improper handling of the notes argument, which permits command injection; it is tracked under CWE-74 (Injection) and CWE-77 (Command Injection). Its CVSS 4.0 base score of 2.0 is low because the vector requires high privileges (PR:H) and rates confidentiality, integrity and availability impact on the vulnerable system as Low (VC:L/VI:L/VA:L) with no impact on subsequent systems; attack complexity is Low (AC:L) and the issue is reachable over the network (AV:N), so neither of those is what holds the score down.
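The reliable way to see what limits a score is to read the vector rather than a prose summary of it. The following parser is an added example for this page, not code from DedeCMS, the page's source, or FIRST's CVSS calculator: it validates a CVSS 4.0 vector, decodes the base metrics, and lists those that sit below their worst-case value. It does not compute the numeric score (that needs the MacroVector table from the CVSS 4.0 specification). The only input it uses is the vector printed on this page.

```python
"""Decode a CVSS v4.0 vector and list the base metrics that hold the score down.

Added example for this page; not code from DedeCMS, the page's source, or
FIRST's CVSS calculator.  It validates and decodes base metrics only; the
numeric score itself needs the MacroVector table from the CVSS 4.0 spec.
"""

# Base metrics in vector order, with their legal values (CVSS 4.0 spec).
BASE_METRICS = {
    "AV": ("Attack Vector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("Attack Complexity", {"L": "Low", "H": "High"}),
    "AT": ("Attack Requirements", {"N": "None", "P": "Present"}),
    "PR": ("Privileges Required", {"N": "None", "L": "Low", "H": "High"}),
    "UI": ("User Interaction", {"N": "None", "P": "Passive", "A": "Active"}),
    "VC": ("Vulnerable System Confidentiality", {"H": "High", "L": "Low", "N": "None"}),
    "VI": ("Vulnerable System Integrity", {"H": "High", "L": "Low", "N": "None"}),
    "VA": ("Vulnerable System Availability", {"H": "High", "L": "Low", "N": "None"}),
    "SC": ("Subsequent System Confidentiality", {"H": "High", "L": "Low", "N": "None"}),
    "SI": ("Subsequent System Integrity", {"H": "High", "L": "Low", "N": "None"}),
    "SA": ("Subsequent System Availability", {"H": "High", "L": "Low", "N": "None"}),
}

# The value of each base metric that maximises severity.
WORST_CASE = {"AV": "N", "AC": "L", "AT": "N", "PR": "N", "UI": "N",
              "VC": "H", "VI": "H", "VA": "H", "SC": "H", "SI": "H", "SA": "H"}

# Vector from this page (CVE-2025-6335).
PAGE_VECTOR = ("CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
               "/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X"
               "/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X")


def parse_cvss4(vector):
    """Return {abbrev: value} for every metric in a CVSS:4.0 vector.

    Raises ValueError for a wrong version prefix, a malformed or duplicated
    metric, a missing base metric, or an illegal base-metric value.
    Threat/environmental metrics are kept but not validated here.
    """
    head, _, rest = vector.partition("/")
    if head != "CVSS:4.0":
        raise ValueError(f"not a CVSS 4.0 vector: {head!r}")
    metrics = {}
    for item in rest.split("/"):
        name, sep, value = item.partition(":")
        if not (sep and name and value):
            raise ValueError(f"malformed metric {item!r}")
        if name in metrics:
            raise ValueError(f"duplicate metric {name}")
        metrics[name] = value
    missing = [m for m in BASE_METRICS if m not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    for name, (_, allowed) in BASE_METRICS.items():
        if metrics[name] not in allowed:
            raise ValueError(f"{name}:{metrics[name]} is not a legal value")
    return metrics


def base_summary(metrics):
    """Map each base metric's long name to its decoded value."""
    return {label: allowed[metrics[name]]
            for name, (label, allowed) in BASE_METRICS.items()}


def limiting_factors(metrics):
    """Base metrics that are below worst case, i.e. what keeps the score down."""
    return [f"{BASE_METRICS[n][0]}: {BASE_METRICS[n][1][metrics[n]]}"
            for n in BASE_METRICS if metrics[n] != WORST_CASE[n]]


if __name__ == "__main__":
    m = parse_cvss4(PAGE_VECTOR)
    for label, value in base_summary(m).items():
        print(f"{label:36} {value}")
    print("\nWhat holds the score down:")
    for factor in limiting_factors(m):
        print(" -", factor)
```

Run against the page's vector, `limiting_factors` reports Privileges Required: High, Low impact on the vulnerable system and None on subsequent systems; Attack Complexity does not appear at all, because AC:L is already the worst case.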

An authenticated attacker holding administrative privileges can supply crafted input to the notes argument over the network, resulting in execution of arbitrary commands on the server. Exploit code is already public, so any actor who obtains administrator credentials can reuse it.

Public references consist of a GitHub disclosure and several VulDB entries documenting the flaw and proof-of-concept details; none of the available sources provides a vendor advisory or patch information. The EPSS score has stayed flat at 0.0102, with no observed increase since publication.


Vulnerability details

A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-derived mapping)

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1202 Indirect Command Execution (Defense Evasion)
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

Why these techniques?

CVE-2025-6335 is an authenticated command injection in the template handler of DedeCMS, a web application that is usually Internet-facing. Reaching it from outside with administrator credentials corresponds to T1190 (Exploit Public-Facing Application); the injected payload is run by a shell or script interpreter on the server, which is T1059 (Command and Scripting Interpreter); and T1202 (Indirect Command Execution) applies where the payload invokes a helper utility rather than the interpreter directly, as the technique is defined above.

Affected Assets

Vendor: dedecms
Product: dedecms
Versions: ≤ 5.7.2

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-74: developer assessments and testing, including injection-focused techniques, identify improper neutralization of special elements, and verifiable flaw remediation corrects them before deployment.

Addresses CWE-74: anomaly and attack monitoring identifies indicators of injection attacks (command, SQL, LDAP, etc.) in traffic and logs.
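What the monitoring control looks like in practice, as an added example that is not part of this page or of DedeCMS: a small scanner that reads combined-format web access log lines and flags requests into the admin area whose `notes` parameter carries shell operators or command substitution. The admin prefix `/dede/` and the endpoint name `/dede/template_edit.php` are assumptions made for the illustration (the page does not name the request that reaches dedetag.class.php), and the log lines are constructed.

```python
"""Flag access-log requests that look like command injection against a
DedeCMS admin endpoint.

Added example for this page; not DedeCMS code.  The admin prefix, the endpoint
name and the log lines are constructed for illustration: the page does not
name the request that reaches dedetag.class.php.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Combined Log Format as written by Apache and nginx by default.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Shell operators and substitutions that a template "notes" attribute has
# no reason to contain.  '<' and '>' are deliberately left out: template
# text legitimately carries HTML, and matching them would drown real hits.
INJECTION_TOKENS = re.compile(r'(;|\|\||\||&&|`|\$\(|\$\{|\n|\r)')

# Assumption: DedeCMS admin UI under /dede/ (its default install path);
# only parameters named here are inspected.
ADMIN_PREFIXES = ("/dede/",)
WATCHED_PARAMS = ("notes",)


def analyse_target(target):
    """Return [(param, decoded_value, tokens)] for one request target.

    Non-admin paths are ignored; values are percent-decoded a second time
    so that a double-encoded payload (%2524 -> %24 -> $) is still seen.
    """
    findings = []
    parts = urlsplit(target)
    if not parts.path.startswith(ADMIN_PREFIXES):
        return findings
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in WATCHED_PARAMS:
            continue
        decoded = unquote_plus(value)          # parse_qsl already decoded once
        tokens = INJECTION_TOKENS.findall(decoded)
        if tokens:
            findings.append((name, decoded, sorted(set(tokens))))
    return findings


def scan_log(lines):
    """Return [(ip, method, target, findings)] for every suspicious line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                           # not an access-log line
        findings = analyse_target(m["target"])
        if findings:
            hits.append((m["ip"], m["method"], m["target"], findings))
    return hits


# Constructed sample: one benign edit, two attempts (the second double-encoded),
# one request outside the admin area, one line that is not an access-log record.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jun/2025:10:01:02 +0000] "GET /dede/template_edit.php?notes=footer+v2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Jun/2025:10:01:09 +0000] "GET /dede/template_edit.php?notes=x%3Bid HTTP/1.1" 200 512',
    '198.51.100.4 - - [21/Jun/2025:10:02:00 +0000] "GET /dede/template_edit.php?notes=%2524(id) HTTP/1.1" 200 512',
    '198.51.100.4 - - [21/Jun/2025:10:02:30 +0000] "GET /plus/list.php?notes=a%7Cb HTTP/1.1" 200 80',
    'not an access log line',
]

if __name__ == "__main__":
    for ip, method, target, findings in scan_log(SAMPLE_LOG):
        for param, value, tokens in findings:
            print(f"{ip} {method} {target}  {param}={value!r} tokens={tokens}")
```

Two caveats a practitioner should keep in mind. Access logs do not record POST bodies, so this only sees payloads that travel in the query string; catching the same characters in a form post needs a WAF, a reverse-proxy request log, or application-level logging. And because the vulnerable path requires administrator credentials (PR:H), a hit from an account that should not be editing templates is worth more attention than the metacharacters alone.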
