
CVE-2025-8815

Severity: Medium (public PoC referenced)

Published: 10 August 2025
Modified: 29 April 2026
KEV added: not listed
Patch: none referenced

CVSS v4 score: 5.5 (Medium)
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0150 (81.5th percentile)
Risk priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-8815 is a medium-severity Path Traversal (CWE-22) vulnerability in Morning-Pro Morning. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS score places it in the top 18.5% of CVEs by estimated exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof of concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-8815 affects 猫宁i Morning up to commit bc782730c74ff080494f145cc363a0b4f43f7d3e and carries a CVSS v4 score of 5.5. It is a path traversal flaw (CWE-22) in an unspecified function that handles the /index path within the Shiro Configuration component. The project is developed as a rolling release, so no affected or fixed version numbers are published; the commit hash is the only boundary available.

The issue can be triggered remotely, without authentication or user interaction. An attacker supplying crafted input may read or modify files outside the intended directory; the CVSS vector rates the resulting impact on confidentiality, integrity and availability as low.

A public exploit is referenced via the project's Gitee issue tracker and the VulDB entry, yet the EPSS score has stayed flat at 0.0150 with no observed increase after disclosure. None of the available references contain mitigation or patch details, so anyone running the project needs to check the upstream repository for commits after the one named above.
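For defenders who cannot patch yet, the practical first step is to find out whether the /index path is already being probed. The detector below is an added example written for this page, not code from the Morning project or from any of the referenced advisories. The access-log lines are constructed, the `file=` query parameter is an assumption (the page does not document the real request shape), and the normalisation steps (bounded percent-decoding to catch double encoding, backslash-to-slash, removal of servlet matrix parameters such as `;jsessionid=...`) are general Java-servlet behaviour rather than claims about this CVE's exact payload.

```python
"""Detect path-traversal attempts against a web endpoint in access logs.

Added example for this page, not code from the Morning project. The log
lines are constructed; the '/index' target mirrors the affected path named
in the advisory. Requests are normalised before matching (bounded
percent-decoding for double encoding, backslash to slash, removal of servlet
matrix parameters such as ';jsessionid=...'), because a literal '../' match
misses the encoded forms that actually appear in traffic.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample traffic in combined log format (not real data).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2025:12:00:01 +0000] "GET /index HTTP/1.1" 200 512
203.0.113.5 - - [10/Aug/2025:12:00:02 +0000] "GET /index?file=../../etc/passwd HTTP/1.1" 200 1893
198.51.100.7 - - [10/Aug/2025:12:00:03 +0000] "GET /index?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1893
198.51.100.7 - - [10/Aug/2025:12:00:04 +0000] "GET /index?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1893
192.0.2.9 - - [10/Aug/2025:12:00:05 +0000] "GET /index?file=..\\..\\windows\\win.ini HTTP/1.1" 404 0
192.0.2.9 - - [10/Aug/2025:12:00:06 +0000] "GET /index/..;/admin/users HTTP/1.1" 200 4096
192.0.2.9 - - [10/Aug/2025:12:00:07 +0000] "GET /static/app.css HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# A '..' segment delimited by path, query or parameter separators.
TRAVERSAL_RE = re.compile(r"(?:^|[/?=&])\.\.(?:[/?&#]|$)")


def normalize_target(raw: str, max_rounds: int = 3) -> str:
    """Canonicalise a request target so encoded traversal looks like plain '../'."""
    cur = raw
    for _ in range(max_rounds):          # bounded: stop once decoding is stable
        decoded = unquote(cur)
        if decoded == cur:
            break
        cur = decoded
    cur = cur.replace("\\", "/")         # Windows-style separators
    path, sep, query = cur.partition("?")
    # Servlet containers treat ';...' as matrix parameters and drop them
    # during routing, so '..;' is routed as '..'. General behaviour, not a
    # claim about this CVE's exact request.
    path = re.sub(r";[^/]*", "", path)
    return path + sep + query


def targets_endpoint(normalized: str, endpoint: str) -> bool:
    """True if the normalised target is the endpoint itself or below it."""
    return (normalized == endpoint
            or normalized.startswith(endpoint + "/")
            or normalized.startswith(endpoint + "?"))


def find_traversal_attempts(log_text: str, endpoint: str = "/index") -> list:
    """One record per request to `endpoint` whose target contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        norm = normalize_target(m.group("target"))
        if targets_endpoint(norm, endpoint) and TRAVERSAL_RE.search(norm):
            hits.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "target": m.group("target"),
                "normalized": norm,
                "status": int(m.group("status")),
            })
    return hits


def count_by_ip(hits: list) -> Counter:
    """Attempts per source IP, useful for blocking or triage thresholds."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = find_traversal_attempts(SAMPLE_LOG)
    for h in found:
        print(f'{h["ip"]} {h["status"]} {h["target"]!r} -> {h["normalized"]!r}')
    print(dict(count_by_ip(found)))
```

Run against the constructed sample, five of the seven requests are flagged: the plain, single-encoded, double-encoded and backslash variants of the `file=` probe plus the `..;` segment, while the plain `/index` request and the static asset are left alone. The status code is kept on each record because a 200 on a traversal attempt is the case worth escalating; a 404 is reconnaissance.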


Vulnerability details

A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available.

Note that the "critical" wording above is the source database's own classification; the CVSS v4 score recorded for this entry is 5.5 (Medium).

CWE(s)

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

The mapping assumes unauthenticated exploitation of a public-facing web application through a Shiro path traversal used as an authentication bypass (T1190), chained with unsafe Fastjson deserialization to reach remote command execution through a system interpreter (T1059). Treat the T1059 step as conditional: the vulnerability details on this page describe only the path traversal, with low confidentiality, integrity and availability impact in the CVSS vector, and do not document the deserialization chain the mapping relies on.

CVEs Like This One

CVE-2025-12062 (shared CWE-22)
CVE-2025-69770 (shared CWE-22)
CVE-2024-55597 (shared CWE-22)
CVE-2026-0805 (shared CWE-22)
CVE-2025-1770 (shared CWE-22)
CVE-2026-32805 (shared CWE-22)
CVE-2025-24494 (shared CWE-22)
CVE-2025-64075 (shared CWE-22)
CVE-2024-53537 (shared CWE-22)
CVE-2024-36512 (shared CWE-22)

Affected Assets

Vendor: morning-pro
Product: morning
Versions: all (rolling release; no affected or fixed version boundaries published)

Mitigating Controls (NIST 800-53 r5, AI-mapped)

SI-10 Information Input Validation (prevent): Directly requires validation and sanitization of untrusted inputs to the /index endpoint, blocking the path traversal sequences that enable the CVE-2025-8815 attack.

AC-3 Access Enforcement (prevent): Enforces access-control decisions on file-system resources so that even a successful traversal cannot obtain unauthorized read or write access to protected paths.

Information flow mediation (prevent): Mediates information flow between the Shiro-configured web layer and the underlying file system, preventing unauthorized traversal-based data exfiltration or modification.
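The two named controls correspond to two distinct checks in code: validate the untrusted name before it touches the filesystem (SI-10), and enforce containment on the canonical path after resolution (AC-3), because syntactic validation alone does not stop a symlink inside the served directory from pointing outside it. The following is an added example written for this page, not code from the Morning project; it places a naive resolver beside a hardened one and exercises both against a throwaway directory tree built at run time. The base directory, file names and the shape of the `file` parameter are assumptions for illustration, since the page does not document the real endpoint logic.

```python
"""Input validation (SI-10) and access enforcement (AC-3) against path traversal.

Added example for this page, not code from the Morning project. It puts a
naive file resolver next to a hardened one and exercises both against a
throwaway directory tree built at run time. The base directory, file names
and the shape of the 'file' parameter are assumptions for illustration; the
real endpoint and parameter of CVE-2025-8815 are not documented on this page.
"""
import os
import shutil
import tempfile
from pathlib import Path
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a request tries to leave the served directory."""


def vulnerable_resolve(base: Path, user_file: str) -> Path:
    """Naive join: '../' segments and absolute paths escape `base`."""
    return base / user_file


def validate_relative_name(user_file: str) -> str:
    """SI-10: syntactic checks on the raw parameter before any filesystem call.

    Percent-decodes a bounded number of times (catches double encoding), then
    rejects NUL bytes, backslashes, absolute paths and any '..' segment.
    """
    cur = user_file
    for _ in range(3):
        decoded = unquote(cur)
        if decoded == cur:
            break
        cur = decoded
    if "\x00" in cur or "\\" in cur:
        raise PathTraversalError("forbidden character in file name")
    if cur.startswith("/") or ".." in cur.split("/"):
        raise PathTraversalError("absolute path or parent reference")
    return cur


def _escapes(base: Path, candidate: Path) -> bool:
    """True if the canonical form of `candidate` lies outside the canonical `base`."""
    root = str(base.resolve())
    try:
        return os.path.commonpath([root, str(candidate.resolve())]) != root
    except ValueError:            # different drives on Windows: certainly outside
        return True


def hardened_resolve(base: Path, user_file: str) -> Path:
    """AC-3: enforce containment on the canonical, symlink-resolved path."""
    name = validate_relative_name(user_file)
    target = base.resolve() / name
    if _escapes(base, target):
        raise PathTraversalError("resolved path escapes base directory")
    return target.resolve()


def demo() -> dict:
    """Build a temp tree, run both resolvers over test inputs, return outcomes."""
    tmp = Path(tempfile.mkdtemp())
    public = tmp / "public"
    public.mkdir()
    (public / "index.html").write_text("<h1>index</h1>")
    (tmp / "secret.txt").write_text("db-password")   # outside the served tree
    symlink_created = True
    try:                                              # symlink inside pointing outside
        os.symlink(tmp / "secret.txt", public / "link.txt")
    except (OSError, NotImplementedError):            # no symlink privilege on some hosts
        symlink_created = False

    inputs = ["index.html", "../secret.txt", "..%2Fsecret.txt",
              "%252e%252e/secret.txt", "/etc/passwd", "link.txt"]
    results = {}
    for user_file in inputs:
        try:
            hardened_resolve(public, user_file)
            verdict = "allowed"
        except PathTraversalError:
            verdict = "rejected"
        results[user_file] = {
            "vulnerable_escapes": _escapes(public, vulnerable_resolve(public, user_file)),
            "hardened": verdict,
        }
    if not symlink_created:
        results["link.txt"]["hardened"] = "skipped"
    shutil.rmtree(tmp, ignore_errors=True)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r:28} naive escapes={outcome['vulnerable_escapes']!s:5} hardened={outcome['hardened']}")
```

The naive resolver lets `../secret.txt` and `/etc/passwd` leave the served directory outright; the hardened one rejects those at the SI-10 stage, rejects the single- and double-encoded forms once decoded, and rejects `link.txt` only at the AC-3 stage, since the name itself is syntactically clean and only the canonical path reveals that it points outside the base. That last case is why the containment check has to run on the resolved path rather than on the string.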
