CVE-2025-8161
BaseFortify
Publication date: 2025-07-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deerwms | deer-wms-2 | to 3.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8161 is a critical SQL injection vulnerability in the deerwms deer-wms-2 Warehouse Management System versions up to 3.3. It occurs at the /system/role/export endpoint where the parameter params[dataScope] is user-controllable and not properly sanitized. The system constructs SQL queries dynamically using this parameter without using prepared statements or escaping special characters, allowing attackers to inject malicious SQL code. This enables attackers to execute arbitrary SQL commands remotely, potentially extracting sensitive database information or gaining full control over the affected server. [1, 2, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to unauthorized access to sensitive database information, data leakage, and unauthorized data manipulation. Attackers may gain full control over the affected server, compromising the confidentiality, integrity, and availability of the system. Since the attack can be launched remotely without authentication, it poses a significant security risk to organizations using the affected software. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the /system/role/export endpoint with malicious payloads in the params[dataScope] parameter to test for SQL injection. For example, you can use curl to send a test payload that attempts to trigger an SQL error or extract database information, such as: curl -X POST 'http://<target>/system/role/export' -d 'params[dataScope]=and extractvalue(1,concat(0x7e,(select database()),0x7e))' If the response contains database error messages or data leakage, it indicates the presence of the vulnerability. Additionally, monitoring network traffic for unusual POST requests to /system/role/export with suspicious params[dataScope] values can help detect exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or blocking access to the /system/role/export endpoint to prevent exploitation, especially from untrusted networks. Since no known countermeasures or patches are reported, consider replacing or upgrading the affected deer-wms-2 software to a non-vulnerable version if available. Additionally, implement web application firewall (WAF) rules to detect and block SQL injection attempts targeting the params[dataScope] parameter. Review and sanitize all user inputs and avoid using dynamic SQL with unsanitized parameters in your codebase. [2, 3]