Cyber Posture

CVE-2025-25516

CriticalPublic PoC

Published: 25 February 2025

Published
25 February 2025
Modified
28 March 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0044 63.3th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may leverage databases to mine valuable information.

Security Summary

CVE-2025-25516 is a SQL injection vulnerability (CWE-89) affecting SeaCMS versions 13.3 and prior, specifically in the admin_paylog.php component. Published on 2025-02-25, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact exploitation across confidentiality, integrity, and availability.

Remote attackers require no authentication or privileges and can exploit the vulnerability over the network with low complexity and no user interaction. Successful exploitation allows arbitrary SQL query execution, enabling full database compromise including data exfiltration, modification, or deletion.

Advisories are detailed in the referenced GitHub page at https://github.com/Colorado-all/cve/blob/main/seacms/seacms%20V13.3-sql-2.md, which provides technical analysis of the issue. No specific patches or mitigations are outlined in available details.

Details

CWE(s)
CWE-89

Affected Products

seacms
seacms
≤ 13.3

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
attack.mitre.org →
Why these techniques?

SQL injection in Seacms admin_paylog.php enables exploitation of a public-facing web application for initial access (T1190) and arbitrary data collection from databases (T1213.006).

References