CVE-2025-0722
Published: 27 January 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-0722 is a vulnerability in needyamin image_gallery version 1.0 that enables unrestricted file upload. It affects unknown code within the /admin/gallery.php file of the Cover Image Handler component, where manipulation of the "image" argument triggers the issue. Classified as critical with a CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L), it maps to CWEs 284 (Improper Access Control) and 434 (Unrestricted Upload of File with Dangerous Type). The vulnerability was published on 2025-01-27.
Attackers with high privileges (PR:H) can exploit this remotely over the network with low complexity and no user interaction required. Successful exploitation grants low-level impacts on confidentiality, integrity, and availability, potentially allowing upload of malicious files through the Cover Image Handler.
Advisories from VulDB and WebSecurityInsights document the issue, noting that an exploit has been publicly disclosed and may be in use. The vendor was contacted early but provided no response, and no patches or mitigations are mentioned in available references.
The public disclosure of the exploit increases the risk of real-world attacks on exposed instances of needyamin image_gallery 1.0.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted file upload vulnerability in the web application's admin panel (/admin/gallery.php) enables exploitation of a public-facing application (T1190), ingress tool transfer by uploading arbitrary files including webshells or tools (T1105), and deployment of web shells for persistence and remote code execution (T1505.003).