CVE-2025-57140
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruisitech | ruisibi | 4.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57140 is a Time-Based Blind SQL Injection vulnerability in rsbi version 4.7, specifically in the /bi/service/model/DatasetService endpoint. An attacker can send a crafted POST request with malicious SQL code in the cfg parameter, causing the database to delay its response (e.g., by using sleep(20)). This delay confirms the presence of the SQL injection flaw without directly retrieving data, allowing the attacker to infer sensitive information through timing analysis. [1]
How can this vulnerability impact me? :
This vulnerability allows an attacker to perform SQL injection attacks on the rsbi 4.7 application, potentially enabling them to infer sensitive database information by exploiting response delays. Although it is a blind SQL injection (no direct data extraction), it can be used to gather information about the database structure or confirm the presence of data, which could lead to further attacks or data breaches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the /rsbi/model/queryDatasetMeta.action endpoint with SQL payloads in the cfg parameter that cause time delays, such as (select*from(select(sleep(20)))a). Monitoring for response delays of around 20 seconds indicates the presence of the time-based blind SQL injection. A detection command example using curl would be: curl -X POST https://<target>/rsbi/model/queryDatasetMeta.action -H "Content-Type: application/json" -d '{"cfg":"(select*from(select(sleep(20)))a)"}' If the response is significantly delayed, it suggests the vulnerability is present. [1]