CVE-2025-8125
BaseFortify
Publication date: 2025-07-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deerwms | deer-wms-2 | to 3.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8125 is a critical SQL injection vulnerability in deerwms deer-wms-2 versions up to 3.3. It occurs in the endpoint /system/role/authUser/allocatedList due to improper handling of the parameter params[dataScope]. The application directly injects this user-controllable input into an SQL query without sanitization or using prepared statements, allowing attackers to inject malicious SQL code. This enables attackers to manipulate the database queries executed by the system, potentially extracting sensitive data or executing arbitrary commands on the database. [1, 2, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to unauthorized extraction of sensitive database information, such as user data. Attackers may also escalate privileges and gain full control over the server hosting the application. This compromises the confidentiality, integrity, and availability of the affected system. Since the exploit can be launched remotely without authentication and a proof-of-concept is publicly available, the risk of attack is high. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the endpoint /system/role/authUser/allocatedList with malicious payloads in the params[dataScope] parameter to test for SQL injection. For example, you can use curl to send a request with a payload that triggers an SQL error revealing database information: curl -X POST 'http://<target>/system/role/authUser/allocatedList' -d 'params[dataScope]=and extractvalue(1,concat(0x7e,(select database()),0x7e))'. If the response contains database error messages or data, it indicates the presence of the vulnerability. Monitoring network traffic for unusual or suspicious POST requests to this endpoint with SQL injection patterns can also help detect exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling access to the vulnerable endpoint /system/role/authUser/allocatedList to prevent exploitation. If possible, apply input validation and sanitization on the params[dataScope] parameter to block malicious SQL code. Since no known patches or mitigations are available, consider replacing the affected deer-wms-2 component with a secure alternative. Additionally, monitor logs and network traffic for exploitation attempts and apply network-level protections such as web application firewalls (WAF) to block SQL injection payloads targeting this endpoint. [1, 3]