CVE-2025-65656
Published: 02 December 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-65656, published on 2025-12-02, is a file inclusion vulnerability (CWE-98) affecting dcat-admin versions v2.2.3-beta and earlier. The flaw is located in the admin/src/Extend/VersionManager.php component of this PHP-based admin panel framework.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited remotely by unauthenticated attackers with low complexity and no user interaction. Exploitation enables high-impact compromise of confidentiality, integrity, and availability, typically through arbitrary file inclusion that may lead to remote code execution on the affected server.
Mitigation guidance is available in associated advisories, including the official dcat-admin repository at https://github.com/jqhph/dcat-admin and a dedicated CVE document at https://github.com/lznlol/operation-log/blob/main/CVE-2025-65656.md, which likely detail patches or upgrade instructions for vulnerable installations.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
File inclusion vulnerability in dcat-admin web application (admin/src/Extend/VersionManager.php) enables exploitation of a public-facing application for remote code execution or arbitrary file inclusion.