CVE-2025-1177
Published: 11 February 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-1177 is a critical vulnerability in dayrui XunRuiCMS version 4.6.3, affecting the import_add function within the file dayrui/Fcms/Control/Admin/Linkage.php. The flaw stems from improper input validation (CWE-20) enabling deserialization (CWE-502), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). It was published on 2025-02-11.
The vulnerability can be exploited remotely by attackers possessing low privileges, such as authenticated users with admin access to the affected component, requiring no user interaction. Manipulation of the import_add function triggers deserialization, potentially allowing limited impacts on confidentiality, integrity, and availability.
Advisories are detailed in VulDB entries (ctiid.295080, id.295080, submit.495366), and the exploit has been publicly disclosed in a GitHub repository at stevenchen0x01/CVE2/blob/main/cve2.md, indicating it may be actively used.
Security practitioners should monitor for real-world exploitation, as the public disclosure of the exploit increases the risk of targeted attacks on unpatched XunRuiCMS instances.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Deserialization vulnerability (CWE-502) in publicly exposed CMS admin endpoint (dayrui/Fcms/Control/Admin/Linkage.php) enables remote code execution via crafted input and POP chains, directly facilitating exploitation of public-facing applications.