Cyber Resilience

CVE-2025-7344

High

Published: 21 July 2025

Published
21 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0053 67.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7344 is a high-severity Incorrect Use of Privileged APIs (CWE-648) vulnerability in Org (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 32.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-7344, published on 2025-07-21, is a privilege escalation vulnerability in the EAI developed by Digiwin. The flaw, tied to CWE-648, enables remote attackers with regular privileges to elevate their access to administrator level through a specific API. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

Attackers require only low (regular) privileges on the target system to exploit this remotely over the network without user interaction. Successful exploitation grants administrator-level privileges, potentially allowing full system compromise, including unauthorized data access, modification, or disruption.

Advisories from Digiwin and TWCERT detail mitigation steps, available at https://www.digiwin.com/tw/news/3567.html, https://www.twcert.org.tw/en/cp-139-10273-ce2ed-2.html, and https://www.twcert.org.tw/tw/cp-132-10272-5b691-1.html. Security practitioners should consult these for patching instructions and workarounds specific to the affected EAI deployment.

EU & UK References

Vulnerability details

The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct privilege escalation via API exploitation from regular to admin rights matches T1068 exactly.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-35663Shared CWE-648
CVE-2026-35669Shared CWE-648
CVE-2026-20122Shared CWE-648
CVE-2026-35639Shared CWE-648
CVE-2026-41329Shared CWE-648
CVE-2026-20126Shared CWE-648
CVE-2026-35625Shared CWE-648
CVE-2026-41386Shared CWE-648
CVE-2026-35645Shared CWE-648
CVE-2026-41225Shared CWE-648

Affected Assets

Org
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Principle of least privilege restricts regular users from escalating to administrator level via the vulnerable API, directly countering the privilege escalation vulnerability.

prevent

Access enforcement ensures approved authorizations are applied to API calls, blocking unauthorized privilege elevation from regular to admin privileges.

prevent

Account management limits assignment of unnecessary privileges to regular accounts, reducing the risk and impact of escalation through the API vulnerability.

References