Cyber Posture

CVE-2025-69559

Severity: Critical · Public PoC

Published: 27 January 2026
Modified: 03 February 2026
KEV Added: not listed
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (23.9th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-69559 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in code-projects Computer Book Store 1.0 (catalogued under the vendor name Carmelo in the affected-products data below). The flaw sits in admin_add.php. Its CVSS 3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 23.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced. Read the two scores for what they measure: CVSS rates the technical impact of a successful attack, EPSS the observed probability of exploitation in the wild. A 9.8 with a low EPSS still deserves prompt patching on any Internet-exposed instance, because a public PoC exists and the application is small enough that exploitation is trivial once a target is found.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one further technique, Web Shell (T1505.003). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

SI-10 Information Input Validation (prevent)
Directly counters CWE-434 by validating uploaded files in admin_add.php to block dangerous types and content.

AC-3 Access Enforcement (prevent)
Enforces authentication and authorization to block unauthenticated remote access to the vulnerable admin_add.php endpoint.

Code fix (prevent)
Remediates the specific code flaw in admin_add.php enabling unrestricted file uploads.
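The following is an added example, not code from Computer Book Store or from this page, showing the CWE-434 pattern beside a handler that applies the two controls above: AC-3 (reject the request unless the session is an admin) and SI-10 (allowlist the extension, verify the leading bytes match it, refuse embedded script markers, and store under a random server-side name outside the document root). The paths, the `session` dict shape, the sample uploads and the in-memory `store` are assumptions made for this illustration. It is written in Python so the checks can be read independently of the PHP original; the same logic transfers directly to a PHP `move_uploaded_file` handler.

```python
import re
import secrets
from typing import Optional

# Assumed paths for this example. The vulnerable pattern writes under the
# document root, so the web server executes anything ending in .php; the
# hardened pattern writes outside it and serves files only via a download
# script that sets a fixed Content-Type.
WEBROOT_UPLOADS = "/var/www/html/uploads/"
SAFE_UPLOADS = "/srv/bookstore-uploads/"

# Allowlist for a book-cover upload: permitted extension -> leading bytes the
# content must start with. The client-supplied Content-Type is never consulted.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Markers that turn an otherwise valid image into a PHP/HTML polyglot.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")

# Constructed sample uploads (name -> bytes); none are real files.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
SAMPLES = {
    "cover.png": PNG,                                        # legitimate
    "shell.php": b"<?php system($_GET['c']); ?>",           # plain web shell
    "cover.png.php": b"<?php system($_GET['c']); ?>",       # double extension
    "cover.php.png": b"<?php system($_GET['c']); ?>",       # wrong content for .png
    "polyglot.png": PNG + b"<?php system($_GET['c']); ?>",  # valid header, shell inside
    "../../config.png": PNG,                                # traversal in the name
}


def vulnerable_save(filename: str, data: bytes, store: dict) -> str:
    """The CWE-434 pattern: no auth check, client-chosen name, written into the webroot."""
    path = WEBROOT_UPLOADS + filename
    store[path] = data
    return path


def validate_upload(filename: str, data: bytes) -> Optional[str]:
    """SI-10: return a rejection reason, or None if every check passes."""
    # Exactly one path component, and only the last extension counts
    # ('cover.png.php' resolves to 'php').
    m = re.fullmatch(r"[^/\\]+\.([A-Za-z0-9]+)", filename)
    if not m:
        return "missing or malformed extension"
    ext = m.group(1).lower()
    if ext not in ALLOWED:
        return f"extension .{ext} not allowed"
    if not any(data.startswith(sig) for sig in ALLOWED[ext]):
        return "content does not match declared image type"
    if any(marker in data for marker in SCRIPT_MARKERS):
        return "embedded script marker"
    return None


def hardened_save(session: dict, filename: str, data: bytes, store: dict) -> tuple:
    """AC-3 (session must be an admin) plus SI-10, then a random server-side name."""
    if session.get("role") != "admin":
        return ("rejected", "unauthenticated")
    reason = validate_upload(filename, data)
    if reason is not None:
        return ("rejected", reason)
    ext = filename.rsplit(".", 1)[1].lower()
    path = SAFE_UPLOADS + secrets.token_hex(16) + "." + ext
    store[path] = data
    return ("stored", path)


def run_samples(session: dict) -> dict:
    """Push every sample through the hardened handler; returns name -> outcome."""
    store = {}
    return {name: hardened_save(session, name, data, store) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, outcome in run_samples({"role": "admin"}).items():
        print(f"{name:20} -> {outcome}")
```

The marker scan is defence in depth against polyglots, not a substitute for the directory controls: the upload directory must additionally be configured so the server never executes scripts from it, and re-encoding accepted images through an image library strips any payload the scan misses.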

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload (CWE-434) in a public-facing web app directly enables remote exploitation (T1190) and deployment of web shells for RCE/persistence (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
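For the detection side of the T1190 to T1505.003 chain, here is an added example (not from this page or the project) that runs two rules over web-server access logs: a request for a script extension under the upload directory, which should never happen on a correctly configured server, and a first-ever fetch of an upload path by the same client shortly after it posted to admin_add.php. The log layout, the `/uploads/` directory, the ten-minute window and the log lines themselves are constructed assumptions for the example.

```python
import re
from datetime import datetime, timedelta

# Parser for the common/combined access-log prefix (fields after the status
# code are ignored). Assumed layout; adjust the pattern to your server's format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Extensions a PHP server will execute; nothing under the upload directory
# should ever be requested with one of these.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|phps)$", re.IGNORECASE)
UPLOAD_ENDPOINT = "/admin_add.php"   # the vulnerable handler named in the CVE
UPLOAD_DIR = "/uploads/"             # assumed location of stored uploads
WINDOW = timedelta(minutes=10)       # how long after an upload a first fetch is suspicious

# Constructed log lines for this example; not from any real incident.
LOG_LINES = [
    '203.0.113.7 - - [27/Jan/2026:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 1024',
    '203.0.113.7 - - [27/Jan/2026:10:00:05 +0000] "POST /admin_add.php HTTP/1.1" 200 312',
    '203.0.113.7 - - [27/Jan/2026:10:00:09 +0000] "GET /uploads/cmd.php?c=id HTTP/1.1" 200 64',
    '198.51.100.4 - - [27/Jan/2026:10:30:00 +0000] "GET /uploads/cover1.png HTTP/1.1" 200 20480',
    '198.51.100.4 - - [27/Jan/2026:11:00:00 +0000] "GET /uploads/cover1.png HTTP/1.1" 304 0',
    '203.0.113.7 - - [27/Jan/2026:12:00:00 +0000] "GET /uploads/cmd.php?c=whoami HTTP/1.1" 200 64',
]


def parse(line: str):
    """Return a dict for one request, or None for a line that does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("target").split("?", 1)[0],
        "status": int(m.group("status")),
    }


def detect(lines):
    """Two rules over the stream; returns (rule, client_ip, path, status) tuples."""
    alerts = []
    last_upload = {}    # client ip -> time of its latest POST to the upload handler
    seen_paths = set()  # upload paths already requested at least once
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["method"] == "POST" and ev["path"] == UPLOAD_ENDPOINT:
            last_upload[ev["ip"]] = ev["ts"]
            continue
        if not ev["path"].startswith(UPLOAD_DIR):
            continue
        # Rule 1: a script extension under the upload directory (T1505.003 in use).
        if SCRIPT_EXT.search(ev["path"]):
            alerts.append(("script_in_uploads", ev["ip"], ev["path"], ev["status"]))
        # Rule 2: the first request ever for an upload path, from the same client,
        # shortly after that client posted to the upload handler.
        t = last_upload.get(ev["ip"])
        if ev["path"] not in seen_paths and t is not None and ev["ts"] - t <= WINDOW:
            alerts.append(("upload_then_fetch", ev["ip"], ev["path"], ev["status"]))
        seen_paths.add(ev["path"])
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(alert)
```

Rule 1 is the high-confidence signal and should also be enforced, not only detected, by denying script execution in the upload directory at the web-server level. Rule 2 fires on a legitimate admin uploading a cover and then viewing it, so treat it as an enrichment that raises the priority of a Rule 1 hit rather than as an alert on its own.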

NVD Description

code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php.

Deeper analysis [AI-generated]

CVE-2025-69559 is a critical file upload vulnerability in code-projects Computer Book Store 1.0, specifically within the admin_add.php component. Classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), it lets attackers upload files without proper validation of type or content. The entry was published on 2026-01-27T17:16:09.760 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), Critical, reflecting high impact on confidentiality, integrity and availability.

Per the vector, unauthenticated attackers can exploit this remotely over the network with low attack complexity and no user interaction. Exploitation consists of uploading an arbitrary file (typically a PHP web shell) via admin_add.php into a location the web server will execute, which leads to remote code execution, server compromise and persistence. Two checks before relying on the score in your own environment: the endpoint name admin_add.php suggests an administrative function, so confirm whether the upload handler is actually reachable without an authenticated session (the vector's PR:N asserts that it is); and confirm whether the directory the handler writes to is served with script execution enabled, since a file that cannot be executed in place yields a much smaller impact.

Advisories and further details on mitigation are provided in the following references: https://gist.github.com/lih28984-commits/cd3a275dfd9c92a79b6a4a0e8801f4fa and https://gitee.com/Z_180yc/zyy/issues/IDBY27.

Details

CWE(s): CWE-434 Unrestricted Upload of File with Dangerous Type

Affected Products: vendor carmelo, product computer book store, version 1.0 (described by NVD as code-projects Computer Book Store 1.0)

CVEs Like This One

CVE-2025-7181 (same vendor: Carmelo)
CVE-2020-36942 (shared CWE-434)
CVE-2024-57169 (shared CWE-434)
CVE-2023-53933 (shared CWE-434)
CVE-2025-68909 (shared CWE-434)
CVE-2021-47757 (shared CWE-434)
CVE-2025-68986 (shared CWE-434)
CVE-2025-56704 (shared CWE-434)
CVE-2026-0698 (same vendor: Carmelo)
CVE-2025-0471 (shared CWE-434)

References

https://gist.github.com/lih28984-commits/cd3a275dfd9c92a79b6a4a0e8801f4fa
https://gitee.com/Z_180yc/zyy/issues/IDBY27