Cyber Posture

CVE-2025-7620

High

Published: 14 July 2025
Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0025 (48.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-7620 is a high-severity Download of Code Without Integrity Check (CWE-494) vulnerability in Org (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks at the 48.4th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Drive-by Compromise (T1189) and 2 other techniques.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Requires timely patching and remediation of the specific RCE flaw in the cross-browser document creation component.

prevent, detect

Deploys malicious code protection mechanisms to scan and block arbitrary programs downloaded and executed via exploitation of the vulnerable component.

prevent

Enforces least functionality by disabling or restricting the non-essential document creation component vulnerable to remote exploitation from malicious websites.

MITRE ATT&CK Enterprise Techniques

T1189 Drive-by Compromise (Initial Access)
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.

T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.

T1204 User Execution (Execution)
An adversary may rely upon specific actions by a user in order to gain execution.

Why these techniques?

The vulnerability enables drive-by compromise through a visit to a malicious site (T1189), followed by user-triggered download and execution of arbitrary code (T1105 + T1204).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The cross-browser document creation component produced by Digitware System Integration Corporation has a Remote Code Execution vulnerability. If a user visits a malicious website while the component is active, remote attackers can cause the system to download and execute arbitrary programs.

Deeper analysis

CVE-2025-7620 is a Remote Code Execution vulnerability affecting the cross-browser document creation component produced by Digitware System Integration Corporation. Published on 2025-07-14, the flaw carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-494.

Remote attackers can exploit the vulnerability when a user visits a malicious website while the component is active. No privileges are required, but user interaction is necessary. Successful exploitation enables attackers to cause the affected system to download and execute arbitrary programs, leading to high impacts on confidentiality, integrity, and availability.

Advisories from TWCERT provide further details on the vulnerability, available at https://www.twcert.org.tw/en/cp-139-10242-5ab42-2.html and https://www.twcert.org.tw/tw/cp-132-10241-2ec07-1.html.

Details

CWE(s)

Affected Products

Org
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-56513: Shared CWE-494
CVE-2026-27180: Shared CWE-494
CVE-2025-57431: Shared CWE-494
CVE-2025-27593: Shared CWE-494
CVE-2026-40066: Shared CWE-494
CVE-2025-1058: Shared CWE-494
CVE-2025-69263: Shared CWE-494
CVE-2026-3502: Shared CWE-494
CVE-2024-50696: Shared CWE-494
CVE-2024-43169: Shared CWE-494

References