CVE-2025-11629
BaseFortify
Publication date: 2025-10-12
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docsys_project | docsys | up to 2.02.36 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11629 is a SQL injection vulnerability in RainyGao DocSys versions up to 2.02.36, specifically in the getUserList function of the /Manage/getUserList.do file. This flaw allows remote attackers to manipulate SQL queries by injecting malicious input, which can lead to unauthorized access to sensitive data, privilege escalation, and potentially full control over the database or server. The vulnerability is exploitable remotely without authentication, and a public proof-of-concept exploit is available. [2, 3]
How can this vulnerability impact me?
Exploiting this vulnerability can lead to unauthorized disclosure of sensitive information, modification or deletion of data, and disruption of system availability. Attackers may escalate privileges and gain control over the database or underlying server, resulting in a full system compromise. This poses significant risks to confidentiality, integrity, and availability of the affected system. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious requests to the vulnerable endpoint /Manage/getUserList.do that include SQL injection patterns. Since a public proof-of-concept exploit is available on GitHub, you can use it to test your system. Common detection methods include using web application firewalls (WAF) with SQL injection detection rules or running manual tests with tools like curl or sqlmap targeting the /Manage/getUserList.do endpoint. For example, a simple curl command to test might be: curl -v "http://<target>/Manage/getUserList.do?param=' OR '1'='1". Additionally, sqlmap can be used to automate detection: sqlmap -u "http://<target>/Manage/getUserList.do?param=value" --risk=3 --level=5. Monitoring logs for unusual SQL errors or unexpected database responses can also help detect exploitation attempts. [2, 3]
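The log monitoring described above can be sketched as a small access-log scanner. This is an added example, not code from DocSys or from the advisory; the indicator patterns, the Combined Log Format assumption, the `/DocSystem` context prefix and the sample lines (which reuse the placeholder parameter name `param`) are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

ENDPOINT = "/manage/getuserlist.do"  # path from the advisory, lower-cased

# Heuristic indicators (assumed for this example; not an exhaustive rule set).
SQLI_PATTERNS = [
    ("quote-tautology", re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I)),
    ("union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("time-delay", re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I)),
    ("sql-comment", re.compile(r"--(\s|$)|/\*|#")),
    ("stacked-query", re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I)),
]

# Combined/Common Log Format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def scan_line(line):
    """Return a finding dict if the line hits the endpoint with SQLi indicators."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    path = url.path.split(";")[0].lower()  # drop ;jsessionid=... path parameters
    if not path.endswith(ENDPOINT):        # tolerate a servlet context prefix
        return None
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = unquote_plus(value)        # parse_qsl decoded once; undo double encoding
        hits += [(name, label) for label, pat in SQLI_PATTERNS if pat.search(value)]
    if not hits:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]), "hits": hits}

def scan_log(text):
    """Scan a whole log and return the findings in order of appearance."""
    return [f for f in map(scan_line, text.splitlines()) if f]

# Constructed sample lines (documentation IP ranges, placeholder parameter name).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Oct/2025:10:01:02 +0000] "GET /Manage/getUserList.do?param=alice HTTP/1.1" 200 512
198.51.100.7 - - [12/Oct/2025:10:02:13 +0000] "GET /Manage/getUserList.do?param=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120
198.51.100.7 - - [12/Oct/2025:10:02:15 +0000] "POST /DocSystem/Manage/getUserList.do?param=x%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 500 310
192.0.2.10 - - [12/Oct/2025:10:03:00 +0000] "GET /index.html?param=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 100
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so parameters sent in a POST body need WAF or application-level logging to be inspected. A flagged request that also returns a 5xx status is worth prioritising, since it may correspond to the SQL errors mentioned above.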
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected product version with a non-vulnerable version if available, as no vendor patch or fix has been provided. If replacement is not immediately possible, restrict access to the vulnerable endpoint /Manage/getUserList.do by implementing network-level controls such as IP whitelisting or firewall rules. Deploy a web application firewall (WAF) with SQL injection protection rules to block malicious requests targeting this endpoint. Additionally, monitor logs for suspicious activity and consider disabling or restricting the getUserList function if feasible. Since no official vendor response or patch exists, these mitigations are critical to reduce risk until a secure version or alternative solution is deployed. [3]