Cyber Posture

CVE-2025-65473

CriticalPublic PoC

Published: 11 December 2025

Published
11 December 2025
Modified
15 December 2025
KEV Added
Patch
CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0016 35.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation directly patches the arbitrary file rename vulnerability in /admin/filer.php, preventing arbitrary code execution via crafted filenames.

SI-10 Information Input Validation good match
prevent

Information input validation on uploaded file names blocks crafted payloads that enable arbitrary code execution through improper filename handling.

AC-6 Least Privilege partial match
prevent

Least privilege restricts administrator access to the vulnerable /admin/filer.php component, reducing the attack surface for privilege-requiring exploitation.

Security SummaryAI

CVE-2025-65473 is an arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 versions v2.8.6 and below. Published on 2025-12-11T17:15:57.957, the issue carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and maps to CWE-73. It enables attackers with Administrator privileges to execute arbitrary code by injecting a crafted payload into an uploaded file name.

Attackers must possess Administrator privileges to exploit this vulnerability remotely over the network, with low attack complexity and no user interaction required. Exploitation changes scope and achieves high impacts across confidentiality, integrity, and availability through arbitrary code execution on the affected system.

Advisories providing further details, including potential mitigations or patches, are available at https://congsec.cn?id=20251103235610-7t4en7j and https://gist.github.com/CongSec/107b9cab6dd1cb297a738f11e2b2dbb6.

Details

CWE(s)
CWE-73

Affected Products

easyimages2.0 project
easyimages2.0
≤ 2.8.6

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability is an arbitrary file rename in a remotely accessible web application component (/admin/filer.php) that enables arbitrary code execution, directly mapping to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References