CVE-2025-51825
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-10-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| guojusoft | jeecgboot | From 3.4.3 (inc) to 3.8.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-51825 is a SQL injection vulnerability in JeecgBoot versions 3.4.3 to 3.8.0, specifically in the /jeecg-boot/online/cgreport/head/parseSql endpoint. The vulnerability arises because the method responsible for checking SQL queries against a blacklist improperly handles subqueries. When a maliciously crafted subquery is sent, it triggers an exception that causes the blacklist check to be bypassed, allowing the attacker to execute arbitrary SQL commands through the report interface. [1, 2]
How can this vulnerability impact me? :
This vulnerability allows attackers to bypass SQL injection blacklist restrictions and execute arbitrary SQL queries on the affected system. This can lead to unauthorized data access, data manipulation, or data leakage through the online report interface. Attackers can create reports with malicious SQL, retrieve sensitive database information, and potentially compromise the integrity and confidentiality of the database. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /jeecg-boot/online/cgreport/head/parseSql endpoint with crafted SQL queries that include subqueries designed to bypass the blacklist. For example, sending a GET request with the parameter sql=select schema_name from (information_schema.schemata) can be used to check if the blacklist is bypassed. A command using curl might be: curl -G 'http://<target>/jeecg-boot/online/cgreport/head/parseSql' --data-urlencode "sql=select schema_name from (information_schema.schemata)". If this request succeeds without triggering a blacklist warning, the system is vulnerable. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /jeecg-boot/online/cgreport/head/parseSql endpoint to trusted users only, applying input validation or filtering at the web application firewall level to block suspicious subquery patterns, and monitoring logs for unusual SQL query patterns targeting this endpoint. Additionally, updating JeecgBoot to a version later than 3.8.0 where this vulnerability is fixed is recommended once a patch is available.