CVE-2025-6766
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sfturing | hosp_order | to 2021-09-03 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6766 is a critical SQL Injection vulnerability in the sfturing hosp_order application, specifically in the getOfficeName function of OfficeServiceImpl.java. It occurs due to improper handling of the officesName argument, allowing attackers to inject malicious SQL code. This enables unauthorized execution of arbitrary SQL statements against the database, potentially leading to unauthorized data access, modification, or deletion. Additionally, attackers may leverage database extensions to execute system-level commands on the host server, implanting persistent backdoors and increasing the attack impact. [1, 2]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized access to sensitive data, modification or deletion of database contents, and potential full compromise of the host system through execution of system-level commands. Attackers can remotely exploit this flaw without authentication, leading to loss of confidentiality, integrity, and availability of the affected system. Persistent backdoors may be implanted, increasing long-term risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SQL injection vulnerability can be performed by monitoring for unusual or unauthorized SQL queries targeting the getOfficeName function or the officesName parameter in the sfturing hosp_order application. Since a public proof-of-concept exploit is available on GitHub, one could use it to test the system in a controlled environment. Additionally, network monitoring tools can be used to detect suspicious remote attempts to inject SQL commands. Specific commands are not provided in the resources, but typical approaches include using SQL injection detection tools or running the public exploit against a test instance. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations are currently available for this vulnerability. The suggested immediate step is to replace the affected component with an alternative product. Since the product uses a rolling release with no version details for affected or updated releases, patching is not currently an option. It is also advisable to restrict remote access to the vulnerable service and monitor for exploitation attempts until a fix or replacement is implemented. [2]
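As an added example, not code from the BaseFortify page or from the hosp_order project: a small scanner that reads web-server access logs and flags requests whose officesName parameter carries SQL syntax, one concrete way to do the monitoring the answers above recommend. The Common Log Format layout, the /office/getOfficeName request path and the sample log lines are constructed assumptions; the marker list is a starting point and will need tuning for names that legitimately contain apostrophes.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Common Log Format entry: client IP ... [timestamp] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# SQL metacharacters and keywords that have no business in an office name.
# Tune for your data: an apostrophe alone may be legitimate in some names.
SQL_MARKERS = re.compile(r"['\";]|--|/\*|\b(?:union|select|sleep|benchmark)\b", re.IGNORECASE)

# Constructed sample log (not from the page): two ordinary lookups, then two
# requests whose officesName value contains SQL syntax.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Jun/2025:10:00:01 +0000] "GET /office/getOfficeName?officesName=Cardiology HTTP/1.1" 200 512
10.0.0.6 - - [27/Jun/2025:10:00:02 +0000] "GET /office/getOfficeName?officesName=Radiology HTTP/1.1" 200 498
198.51.100.7 - - [27/Jun/2025:10:00:03 +0000] "GET /office/getOfficeName?officesName=Cardiology%27%20-- HTTP/1.1" 200 9031
198.51.100.7 - - [27/Jun/2025:10:00:04 +0000] "GET /office/getOfficeName?officesName=x%20UNION%20SELECT%201 HTTP/1.1" 500 231
"""


def decode_offices_name(target: str):
    """Return the URL-decoded officesName value from a request target, or None if absent."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get("officesName")
    return values[0] if values else None


def scan_log(text: str):
    """Return (client_ip, status, decoded_value) for requests whose officesName contains SQL syntax."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a CLF request line; skip
        value = decode_offices_name(m["target"])
        if value is not None and SQL_MARKERS.search(value):
            hits.append((m["ip"], int(m["status"]), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in scan_log(SAMPLE_LOG):
        print(f"suspicious officesName from {ip} (HTTP {status}): {value!r}")
```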