CVE-2025-54865
BaseFortify
Publication date: 2025-08-05
Last updated on: 2025-10-09
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ftb-gamepedia | tilesheets | From 5.0.1 (inc) to 5.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54865 is a high-severity SQL injection vulnerability in the Tilesheets MediaWiki Extension. It is caused by a missing backtick in an SQL query in the extension's code, which allows attackers to inject malicious SQL code via the 'mod' parameter. This improper sanitization of user input can lead to modification of the intended SQL command, potentially compromising the database. [1]
How can this vulnerability impact me? :
This vulnerability can allow remote attackers to inject SQL code without any privileges or user interaction, potentially leading to unauthorized access or modification of database contents. While the typical result is SQL errors, certain server configurations might allow attackers to execute arbitrary SQL commands, impacting database confidentiality, integrity, and availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the Tilesheets MediaWiki extension for SQL injection via the 'mod' parameter. You can attempt to reproduce the proof of concept by sending a request with a crafted 'mod' parameter that includes a backtick and SQL injection payload, for example: curl "http://<your-mediawiki-site>/w/index.php?mod=Test`%20=%201%23&title=Special%3ASheetManager" If the response includes SQL errors such as 'Error 1064' or 'Error 1054', it indicates the presence of the vulnerability. Additionally, monitoring logs for SQL syntax errors related to the 'mod' parameter or unusual query patterns can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Upgrade the Tilesheets extension to version 5.0.3 or later, where the vulnerability is patched. 2. If upgrading is not immediately possible, restrict access to the affected functionality or disable the Tilesheets extension temporarily. 3. Implement web application firewall (WAF) rules to block requests containing suspicious payloads in the 'mod' parameter, such as backticks or SQL comment characters. 4. Monitor logs for exploitation attempts and apply input validation or sanitization at the application level if feasible. [1]