CVE-2025-23410
Published: 05 March 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-23410 is a path traversal vulnerability (CWE-23, Relative Path Traversal) affecting GMOD Apollo. The issue arises when organism or sequence data is uploaded through the web interface: the application unzips and inspects the contents of supported archive types without validating the entry names inside the archive, so an entry whose name contains traversal sequences (for example "../") is written outside the intended extraction directory. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
An unauthenticated remote attacker with network access can exploit this vulnerability by submitting a crafted archive through the web upload feature. Exploitation is low complexity and requires no user interaction, and the resulting arbitrary file write on the server has high impact on confidentiality, integrity, and availability: an attacker can plant or overwrite files of their choosing, which on a web application typically means dropping a web shell or tampering with application files.
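The extraction flaw described above, shown as an added example that is not GMOD Apollo code: a naive extractor joins each archive entry name onto the destination directory and writes it, so a constructed entry named "../../../outside/shell.jsp" lands three levels above the upload directory. The hardened extractor resolves every entry to an absolute path and rejects the whole archive before any file is written if one entry escapes the extraction root. The archive, entry names, directory layout and placeholder shell contents are all constructed for this demonstration.

```python
"""Zip Slip (CWE-23) demonstration: naive archive extraction beside a hardened one.

Added example, not code from GMOD Apollo. The archive, its entry names and the
sandbox directory layout are constructed inline so the script runs offline.
"""
import io
import os
import tempfile
import zipfile

# Constructed traversal entry: three "../" components escape a four-level-deep upload dir.
MALICIOUS_ENTRY = "../../../outside/shell.jsp"
PLACEHOLDER_SHELL = "<%-- web shell placeholder (constructed, inert) --%>"


def build_archive() -> bytes:
    """Return an in-memory zip with one benign entry and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("organism/sequence.fa", ">chr1\nACGTACGT\n")
        zf.writestr(MALICIOUS_ENTRY, PLACEHOLDER_SHELL)
    return buf.getvalue()


def extract_naive(archive: bytes, dest: str) -> list:
    """VULNERABLE: trusts entry names and writes wherever they point."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # no validation of ".." or "/"
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def safe_target(dest: str, name: str) -> str:
    """Resolve an entry name under dest, raising ValueError if it would escape."""
    root = os.path.realpath(dest)
    if os.path.isabs(name) or "\\" in name:
        raise ValueError("rejected entry name: %r" % name)
    candidate = os.path.realpath(os.path.join(root, name))
    # realpath also follows symlinks, so a link planted earlier cannot redirect a later write.
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError("entry escapes extraction root: %r" % name)
    return candidate


def extract_safe(archive: bytes, dest: str) -> list:
    """HARDENED: validate the whole listing first, then write only inside dest."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        # Validate every entry before any file is written, so a bad entry leaves no partial extraction.
        targets = [(info, safe_target(dest, info.filename)) for info in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def _fresh_upload_dir(sandbox: str) -> str:
    """Constructed layout: the upload dir sits four levels below the sandbox."""
    dest = os.path.join(sandbox, "a", "b", "c", "uploads")
    os.makedirs(dest)
    return dest


def demo() -> dict:
    """Run both extractors on the constructed archive and report what each did."""
    archive = build_archive()
    with tempfile.TemporaryDirectory() as sandbox:
        dest = _fresh_upload_dir(sandbox)
        root = os.path.realpath(dest)
        naive_paths = extract_naive(archive, dest)
        escaped = [p for p in naive_paths if not p.startswith(root + os.sep)]
    with tempfile.TemporaryDirectory() as sandbox:
        dest = _fresh_upload_dir(sandbox)
        try:
            extract_safe(archive, dest)
            blocked = False
        except ValueError:
            blocked = True
        wrote_anything = bool(os.listdir(dest))
    return {
        "naive_escaped": len(escaped),        # 1: shell.jsp written outside the upload dir
        "safe_blocked": blocked,              # True: archive rejected
        "safe_wrote_anything": wrote_anything,  # False: nothing written before rejection
    }


if __name__ == "__main__":
    print(demo())
```

The naive path writes entries by hand because Python's own ZipFile.extract strips traversal components from entry names; in JVM code the equivalent pattern is reading ZipEntry.getName() from java.util.zip and joining it onto a directory, and that API performs no such sanitisation, which is why this bug class recurs in Java web applications. The validation order matters as much as the check itself: rejecting the listing before extraction starts means a malicious archive never leaves a half-written upload behind.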
Mitigation guidance is available in the CISA ICS advisory ICSA-25-063-07 at https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07.
Details
- CWE(s): CWE-23 (Relative Path Traversal)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal vulnerability in the public-facing web upload/unzip feature allows unauthenticated remote attackers to write arbitrary files on the server. That is a direct instance of exploiting a public-facing application (T1190), and an arbitrary file write into a web-served directory is the usual route to deploying a web shell (T1505.003, previously tracked as T1100) for code execution and persistence.