CVE-2025-68914
Unknown Unknown - Not Provided
SQL Injection in Riello UPS NetMan 208 Login CGI Allows Data Deletion

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: MITRE

Description
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68914
EUVD
EUVD-2025-205301
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
riello netman 1.12
riello netman_208_application 1.12
riello netman_208_application 1.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided resources do not specify how CVE-2025-68914 affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2025-68914 is an unauthenticated SQL Injection vulnerability in the Riello UPS NetMan 208 Application before version 1.12. It occurs in the username parameter of the /cgi-bin/login.cgi login process. An attacker can execute SQL commands on the LOGINFAILEDTABLE, such as deleting all entries, which resets the account lockout mechanism and allows unlimited login attempts. This vulnerability is part of multiple issues in the device that also include remote command execution and stored XSS. [1]

Impact Analysis

This vulnerability can allow an attacker to bypass brute-force protections by deleting the LOGINFAILEDTABLE entries, enabling unlimited login attempts without account lockout. This can lead to unauthorized access to the device. Additionally, combined with other vulnerabilities, it can result in remote code execution and persistent cross-site scripting attacks, potentially leading to full system compromise of the Riello UPS NetMan 208 appliance. [1]

Detection Guidance

This vulnerability can be detected by testing the /cgi-bin/login.cgi endpoint for SQL injection in the username parameter. For example, sending a POST request with payload username=admin';DELETE FROM LOGINFAILEDTABLE WHERE 1=1; -- can confirm the SQL injection vulnerability if the LOGINFAILEDTABLE is cleared. A sample curl command to test this is: curl -X POST -d "username=admin';DELETE FROM LOGINFAILEDTABLE WHERE 1=1; --&password=any" http://<target-ip>/cgi-bin/login.cgi. Monitoring for unusual POST requests to /cgi-bin/login.cgi or unexpected resets of login failure counters can also indicate exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading the Riello UPS NetMan 208 Application to version 1.12 or later, which addresses these vulnerabilities. Until the patch is applied, restrict network access to the device's management interface to trusted hosts only, monitor and block suspicious POST requests to /cgi-bin/login.cgi, and disable or restrict access to vulnerable CGI scripts if possible. Additionally, review and harden authentication mechanisms and monitor for signs of exploitation such as unexpected resets of login failure tables. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68914. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart