CVE-2025-6335
Published: 20 June 2025
Summary
CVE-2025-6335 is a low-severity Injection (CWE-74) vulnerability in DedeCMS. Its CVSS base score is 2.0 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); the CVE is ranked in the top 22.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.
Deeper analysis
A vulnerability identified as CVE-2025-6335 exists in DedeCMS versions up to 5.7.2 and is present in the Template Handler component within the file /include/dedetag.class.php. The issue stems from improper handling of the notes argument, which permits command injection and is tracked under CWE-74 and CWE-77. It received a CVSS 4.0 score of 2.0 reflecting high attack complexity requirements despite remote reachability.
An authenticated attacker with administrative privileges can supply crafted input to the affected parameter over the network, resulting in execution of arbitrary commands on the server. The exploit code has already been published, enabling potential reuse by threat actors who obtain the necessary credentials.
Public references consist of a GitHub disclosure and multiple VulDB entries that document the flaw and proof-of-concept details, but no vendor advisory or patch information is provided in the available sources. The associated EPSS score has remained flat at 0.0102 with no observed increase since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-28719
Vulnerability details
A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-6335 enables remote, authenticated command injection through the template handler of a public-facing DedeCMS web application, facilitating T1190 (Exploit Public-Facing Application), T1059 (Command and Scripting Interpreter), and T1202 (Indirect Command Execution).
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and verifiable flaw remediation corrects them before deployment.
- Anomaly and attack monitoring identifies indicators of injection attacks (command, SQL, LDAP, etc.).