Security readout for executives and security teams
Plain-English summary
CVE-2025-25800 is an arbitrary file read issue reported in SeaCMS 13.3. A remote attacker may be able to read files through vulnerable handling in admin_safe_file.php. The reported impact is limited to confidentiality, not data modification or service outage.
Executive priority
Treat this as a moderate-priority exposure review. It can disclose files but sources do not indicate active exploitation, integrity impact, or availability impact. Prioritize internet-facing SeaCMS 13.3 systems and reduce administrative surface exposure.
Technical view
The CVE describes CWE-22 path traversal in SeaCMS 13.3, involving file_get_contents in admin_safe_file.php. CVSS 3.1 is 5.3: network reachable, low complexity, no privileges, no user interaction, unchanged scope, low confidentiality impact only.
Likely exposure
Organizations are likely exposed only if they run SeaCMS 13.3 with the vulnerable admin_safe_file.php reachable to untrusted users. The CVE record lists affected vendor/product fields as n/a, so confirm exposure against deployed software rather than relying on CPE matching.
Exploitation context
The source bundle does not show CISA KEV listing or active exploitation. The public GitHub reference indicates vulnerability disclosure material exists. The CVSS vector suggests remote, unauthenticated exploitation may be possible, but sources only support file-read impact.
Researcher notes
Evidence is limited to the CVE summary, CVSS vector, CWE-22 classification, SeaCMS site, and a GitHub disclosure reference. The bundle does not identify a fixed version, full affected CPEs, or confirmed in-the-wild exploitation.
Mitigation direction
Check SeaCMS vendor guidance for a verified fixed version or patch.
Restrict public access to SeaCMS administrative paths, including admin_safe_file.php.
Upgrade or patch only to a vendor-confirmed fixed release when available.
Review web server permissions to limit readable sensitive files.
Monitor logs for unusual requests to administrative PHP files.
Validation and detection
Inventory internet-facing systems for SeaCMS 13.3 deployments.
Confirm whether admin_safe_file.php exists and is externally reachable.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-22: File access and web shell behavior lookup
File traversal and upload weaknesses can lead teams to review file, web shell, execution, and collection telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references file access or upload behavior, so file telemetry and web shell review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-22 · source CWE mapping
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.