Cyber Posture

CVE-2025-25940

CriticalPublic PoC

Published: 10 March 2025

Published
10 March 2025
Modified
23 June 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0163 82.0th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Security Summary

CVE-2025-25940 is a critical vulnerability in VisiCut 2.1 that enables arbitrary code execution through insecure XML deserialization in the loadPlfFile method of VisicutModel.java. The issue is classified under CWE-502 (Deserialization of Untrusted Data) and affects the VisiCut software component.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation allows attackers to achieve high-impact effects on confidentiality, integrity, and availability, including full code execution on the target system.

Advisories and mitigation guidance are provided at https://royblume.github.io/CVE-2025-25940/ and the VisiCut GitHub repository https://github.com/t-oster/VisiCut, published on 2025-03-10.

Details

CWE(s)
CWE-502

Affected Products

visicut
visicut
2.1

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
Why these techniques?

Remote unauthenticated arbitrary code execution via insecure XML deserialization directly enables exploitation of public-facing applications (T1190) and command/script execution on the target (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References