CVE-2025-11316
BaseFortify
Publication date: 2025-10-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tipray | data_leakage_prevention_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11316 is a critical SQL injection vulnerability in the Tipray Data Leakage Prevention System version 1.0. It exists in the function findCategoryPage within the file findCategoryPage.do. The vulnerability arises because the tenantId parameter is not properly sanitized, allowing an attacker to inject malicious SQL commands remotely without authentication. This can lead to unauthorized access or manipulation of the database. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected system. An attacker can remotely exploit the SQL injection to access sensitive data, modify or delete data, or disrupt system operations. Since the exploit is publicly available and easy to perform, and no patches or mitigations are currently provided by the vendor, the risk of exploitation is high. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'tenantId' parameter in the 'findCategoryPage.do' endpoint for SQL injection. You can use tools like curl or sqlmap to send crafted requests to the endpoint and observe if SQL injection is possible. For example, using curl: curl -v "http://<target>/findCategoryPage.do?tenantId=1' OR '1'='1" to check for SQL errors or unexpected responses. Alternatively, sqlmap can be used to automate detection: sqlmap -u "http://<target>/findCategoryPage.do?tenantId=1" --risk=3 --level=5 --batch. Monitoring network traffic for unusual or malformed requests targeting 'findCategoryPage.do' with suspicious 'tenantId' values can also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no patches or vendor mitigations are currently available and the vendor has not responded, immediate steps include: 1) Restrict access to the affected 'findCategoryPage.do' endpoint by implementing network-level controls such as firewall rules or IP whitelisting to limit exposure. 2) Monitor and block suspicious requests targeting the 'tenantId' parameter to prevent exploitation. 3) Consider replacing the affected product with an alternative solution that does not have this vulnerability. 4) Apply web application firewall (WAF) rules to detect and block SQL injection attempts against this endpoint. 5) Regularly monitor logs for signs of exploitation attempts. [1]