Cyber Posture

CVE-2025-8815

HighPublic PoC

Published: 10 August 2025

Published
10 August 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0049 65.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8815 is a high-severity Path Traversal (CWE-22) vulnerability in Morning-Pro Morning. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation
addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
Why these techniques?

The vulnerability enables unauthenticated exploitation of a public-facing web application through Shiro path traversal for authentication bypass combined with unsafe Fastjson deserialization (T1190), directly facilitating remote command execution via system interpreters (T1059).

NVD Description

A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to…

more

launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Deeper analysisAI

CVE-2025-8815 is a critical path traversal vulnerability (CWE-22) discovered in the 猫宁i Morning project up to commit bc782730c74ff080494f145cc363a0b4f43f7d3e. The flaw affects an unknown function within the /index file of the Shiro Configuration component. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-08-10T16:15:26.433.

The vulnerability enables remote exploitation without authentication or user interaction. Attackers can manipulate inputs to traverse paths, potentially achieving low-level impacts on confidentiality, integrity, and availability. An exploit has been publicly disclosed and may be actively used.

Advisories note that the product employs a rolling release model for continuous delivery, so no specific version details exist for affected or updated releases. Mitigation guidance is available in references such as https://gitee.com/morning-pro/Morning/issues/ICOVAK and https://vuldb.com/?ctiid.319344.

Details

CWE(s)
CWE-22

Affected Products

morning-pro
morning
all versions

CVEs Like This One

CVE-2025-12062Shared CWE-22
CVE-2026-0805Shared CWE-22
CVE-2024-55597Shared CWE-22
CVE-2025-69770Shared CWE-22
CVE-2026-32805Shared CWE-22
CVE-2025-1770Shared CWE-22
CVE-2025-24494Shared CWE-22
CVE-2025-59384Shared CWE-22
CVE-2025-15031Shared CWE-22
CVE-2026-7213Shared CWE-22

References