Cyber Posture

CVE-2025-3040

Medium · Public PoC

Published: 31 March 2025
Modified: 09 July 2025
KEV Added: (no value listed)
Patch: (no value listed)
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0033 (55.6th percentile)
Risk Priority: 13 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Security Summary

CVE-2025-3040 is a critical vulnerability in Project Worlds Online Time Table Generator version 1.0, affecting unknown functionality within the /admin/add_student.php file. The issue stems from manipulation of the "pic" argument, enabling unrestricted file upload. Published on 2025-03-31, it carries a CVSS 3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is linked to CWEs 284 (Improper Access Control) and 434 (Unrestricted Upload of File with Dangerous Type).

The vulnerability can be exploited remotely by an attacker who already holds low privileges (for example, access to the admin interface); the attack complexity is low and no user interaction is required. Exploitation has a limited impact on confidentiality, integrity, and availability, since it lets such an attacker upload arbitrary files through the affected endpoint.

Advisories provide further details at https://github.com/ydnd/cve/issues/11, https://vuldb.com/?ctiid.302102, https://vuldb.com/?id.302102, and https://vuldb.com/?submit.524934. The exploit has been publicly disclosed and may be used by attackers.
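The weakness described above is CWE-434: the "pic" parameter accepts a file without checking what it contains or what name it will be stored under. The following is an added example, not code from the Online Time Table Generator project, showing how an image-upload handler for a field like "pic" can be hardened. The field name, destination directory, size and dimension limits, and the assumption that an authorization check for the admin role has already run are all assumptions made for the example.

```php
<?php
// Added example (not the project's own code): a hardened handler for an
// image upload field named "pic". Field name, destination directory, and
// size/dimension limits are assumptions for this example.
declare(strict_types=1);

// Assumed storage location; in deployment this should sit outside the web
// root, or in a directory where the web server never executes scripts.
const UPLOAD_DIR = __DIR__ . '/uploads/students';
const MAX_BYTES  = 2 * 1024 * 1024; // assumed 2 MiB limit

// The stored extension is chosen by us from the detected MIME type.
// Neither the client-supplied filename nor $_FILES['pic']['type'] is trusted.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/**
 * Validate an uploaded image and return the path it was stored under.
 * Throws RuntimeException with a generic message on any failure.
 */
function storeStudentPicture(array $file): string
{
    // 1. The PHP upload layer must report success; anything else is rejected.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    // 2. Only accept files that actually arrived via the HTTP upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Invalid upload.');
    }
    // 3. Enforce a size limit that does not depend on php.ini settings.
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // 4. Sniff the actual content; the client-declared type and the original
    //    filename are attacker-controlled and are ignored entirely.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Unsupported image type.');
    }
    // 5. Confirm the bytes parse as an image with plausible dimensions.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[0] < 1 || $info[1] < 1 || $info[0] > 4096 || $info[1] > 4096) {
        throw new RuntimeException('Not a valid image.');
    }
    // 6. Generate the stored name ourselves: random, with our own extension,
    //    so the client can never choose a name such as "x.php".
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = UPLOAD_DIR . '/' . $name;

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('Storage unavailable.');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file.');
    }
    chmod($dest, 0640); // stored file is never executable
    return $dest;
}

// Usage inside the form handler. Authentication and an authorization check
// for the admin role are assumed to have run before this point.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['pic'])) {
    try {
        $stored = storeStudentPicture($_FILES['pic']);
        // ... persist basename($stored) with the student record
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Two points matter for the ATT&CK mapping on this page. Server-side validation of content and the server-chosen filename address the upload itself (CWE-434); serving the upload directory with script execution disabled in the web server configuration is the second layer, so that even a file that slips through cannot act as a web shell (T1505.003). The CWE-284 aspect, which concerns who may reach the endpoint at all, is a separate control that must be enforced before this handler runs.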

Details

CWE(s)
CWE-284, CWE-434

Affected Products

projectworlds / online time table generator / 1.0

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

Unrestricted file upload in a public-facing web application (/admin/add_student.php) enables initial access through exploitation of the exposed endpoint (T1190), transfer of tools or malware such as PHP shells onto the host (T1105), and deployment of a web shell for remote code execution and persistence (T1505.003).
