Cyber Posture

CVE-2025-63721

HighPublic PoCRCE
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: affectedAppOther: not affectedOth

Published: 08 December 2025

Published
08 December 2025
Modified
11 December 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0012 29.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-63721 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Hummerrisk Hummerrisk. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CA-8 Penetration Testing
addresses: CWE-502

Penetration testing supplies malicious serialized objects, detecting unsafe deserialization and supporting corrective actions.

SA-11 Developer Testing and Evaluation
addresses: CWE-502

Evaluation of untrusted data handling (deserialization testing) reveals unsafe processing, which the required remediation process addresses.

SC-44 Detonation Chambers
addresses: CWE-502

Untrusted serialized data can be deserialized and observed inside the chamber, blocking gadget-chain exploitation outside the sandbox.

SI-10 Information Input Validation
addresses: CWE-502

Validates or rejects untrusted serialized data before deserialization occurs.

SI-3 Malicious Code Protection
addresses: CWE-502

Identifies and blocks malicious code introduced through deserialization of untrusted data at system boundaries.

SI-7 Software, Firmware, and Information Integrity
addresses: CWE-502

Integrity verification of serialized information can detect tampering before deserialization occurs.

SR-4 Provenance
addresses: CWE-502

Provenance of associated data allows detection of untrusted sources before deserialization or processing occurs.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Insecure deserialization vulnerability in SnakeYAML (via /rule/add API) allows normal authenticated users to achieve arbitrary file writes and RCE (e.g., overwriting /etc/crontab), enabling exploitation for privilege escalation and of public-facing web applications.

NVD Description

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
NVD-CWE-noinfoCWE-502

Affected Products

hummerrisk
hummerrisk
≤ 1.5.0

References