CVE-2025-51667
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-09-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ryansu | simple_admin | From 1.2.0 (inc) to 1.6.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-51667 is a limited SQL injection vulnerability in the simple-admin-core system versions v1.2.0 through v1.6.7, specifically in the /sys-api/role/update API endpoint. The vulnerability arises because the 'code' parameter is directly embedded into an SQL query on the casbin_rules table without proper sanitization. Although the 'code' parameter length is limited to 20 characters, attackers can still exploit this to cause partial data leakage or disrupt normal system operations, including performing advanced attacks by combining inputs or causing database delays. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to partial leakage of sensitive data from the database or disruption of normal system operations. Attackers can exploit it to modify data in the casbin_rules table, potentially altering system behavior. Additionally, it can be used to perform MySQL-based Denial of Service (DDoS) attacks by sending requests with long sleep() calls, which occupy database threads and degrade system availability. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the /sys-api/role/update endpoint containing SQL injection patterns in the 'code' parameter, such as payloads including 'sleep()' calls or SQL syntax like "'or sleep(999)#". A practical detection method is to capture and analyze HTTP traffic for such patterns. For example, using curl to test the endpoint with a payload that triggers a delay can help confirm the vulnerability: curl -X POST http://<target>/sys-api/role/update -H "Content-Type: application/json" -d '{"sort":55,"status":1,"id":4,"name":"right","code":"1'or sleep(5)#","defaultRouter":"test","remark":""}' If the response is delayed by the sleep duration, it indicates the vulnerability. Additionally, network intrusion detection systems (NIDS) can be configured to alert on such SQL injection patterns targeting this endpoint. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Restrict access to the /sys-api/role/update endpoint to trusted users or internal networks only. 2) Implement input validation and sanitization on the 'code' parameter to prevent SQL injection, ensuring that user input is properly escaped or parameterized in SQL queries. 3) Apply web application firewall (WAF) rules to detect and block SQL injection attempts targeting this endpoint. 4) If possible, upgrade or patch the simple-admin-core system to a version where this vulnerability is fixed. 5) Monitor logs and network traffic for suspicious activity related to this endpoint and respond accordingly. [2]