Cyber Posture

CVE-2025-7344

High

Published: 21 July 2025

Published
21 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0020 41.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7344 is a high-severity Incorrect Use of Privileged APIs (CWE-648) vulnerability in Org (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 41.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match
prevent

Principle of least privilege restricts regular users from escalating to administrator level via the vulnerable API, directly countering the privilege escalation vulnerability.

AC-3 Access Enforcement good match
prevent

Access enforcement ensures approved authorizations are applied to API calls, blocking unauthorized privilege elevation from regular to admin privileges.

AC-2 Account Management partial match
prevent

Account management limits assignment of unnecessary privileges to regular accounts, reducing the risk and impact of escalation through the API vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Direct privilege escalation via API exploitation from regular to admin rights matches T1068 exactly.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API.

Deeper analysisAI

CVE-2025-7344, published on 2025-07-21, is a privilege escalation vulnerability in the EAI developed by Digiwin. The flaw, tied to CWE-648, enables remote attackers with regular privileges to elevate their access to administrator level through a specific API. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

Attackers require only low (regular) privileges on the target system to exploit this remotely over the network without user interaction. Successful exploitation grants administrator-level privileges, potentially allowing full system compromise, including unauthorized data access, modification, or disruption.

Advisories from Digiwin and TWCERT detail mitigation steps, available at https://www.digiwin.com/tw/news/3567.html, https://www.twcert.org.tw/en/cp-139-10273-ce2ed-2.html, and https://www.twcert.org.tw/tw/cp-132-10272-5b691-1.html. Security practitioners should consult these for patching instructions and workarounds specific to the affected EAI deployment.

Details

CWE(s)
CWE-648

Affected Products

Org
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-35639Shared CWE-648
CVE-2026-20126Shared CWE-648
CVE-2026-35625Shared CWE-648
CVE-2026-41329Shared CWE-648
CVE-2026-35663Shared CWE-648
CVE-2026-20122Shared CWE-648
CVE-2026-35669Shared CWE-648
CVE-2026-41386Shared CWE-648
CVE-2026-35645Shared CWE-648
CVE-2025-2311Shared CWE-648

References