CVE-2025-14185
BaseFortify
Publication date: 2025-12-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yonyou | u8_cloud | 5.0 |
| yonyou | u8_cloud | 5.1 |
| yonyou | u8_cloud | 5.1sp |
| yonyou | u8_cloud | 5.0sp |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Yonyou U8 Cloud versions 5.0, 5.0sp, 5.1, and 5.1sp, specifically in an unknown function within the file nc/pubitf/erm/mobile/appservice/AppServletService.class. It involves manipulation of the argument 'usercode' which leads to SQL injection. This means an attacker can remotely inject malicious SQL commands through this parameter, potentially compromising the database.
How can this vulnerability impact me? :
The vulnerability allows remote attackers to perform SQL injection by manipulating the 'usercode' argument. This can lead to unauthorized access, data leakage, data modification, or disruption of the affected system's database. Since the exploit is publicly available, the risk of exploitation is higher.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or malicious SQL injection attempts targeting the 'usercode' parameter in requests to the AppServletService component of Yonyou U8 Cloud. Since the exploit involves SQL injection via the 'usercode' argument in the file nc/pubitf/erm/mobile/appservice/AppServletService.class, detection can focus on inspecting HTTP requests for suspicious payloads in this parameter. Commands to detect such attempts could include using web server logs or network traffic analysis tools to search for SQL injection patterns. For example, using grep on web server logs: grep -i 'usercode=.*\(union\|select\|insert\|update\|delete\)' /path/to/access.log. Additionally, tools like sqlmap can be used to test the endpoint for SQL injection vulnerabilities by targeting the 'usercode' parameter. However, no specific detection commands are provided in the resources. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable Yonyou U8 Cloud versions 5.0, 5.0sp, 5.1, and 5.1sp, especially the AppServletService component. Since no vendor patch or official mitigation is available, it is recommended to implement network-level protections such as web application firewalls (WAF) to block SQL injection attempts targeting the 'usercode' parameter. Input validation and sanitization should be enforced if possible. Additionally, consider replacing the affected component or product with a secure alternative to prevent exploitation. Monitoring for exploit attempts and limiting privileges of affected services can also reduce risk. [3]