CVE-2025-0462
Published: 14 January 2025
Summary
CVE-2025-0462 is a medium-severity injection vulnerability (CWE-74, concretely SQL injection, CWE-89) in 51Mis Lingdang CRM (Shanghai Lingdang Information Technology's Lingdang CRM). Its CVSS v3.1 base score is 6.3 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 35th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-4 (System Monitoring).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validate the searchcontent parameter (length, permitted character set) and, above all, pass it to the database as a bound parameter of a prepared statement instead of concatenating it into the SQL text; validation alone does not close CWE-89.
- Access restriction: limit who can reach the vulnerable /crm/weixinmp/index.php endpoint so that low-privilege users cannot invoke the injectable UsersAjax action (the CVSS vector is PR:L, so any authenticated account currently suffices).
- SI-4 (System Monitoring): monitor database and web-server activity for anomalous queries and request parameters produced by injection attempts against searchcontent.
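The SI-10 control above is the one that actually removes the flaw. The following added example (not Lingdang CRM code, which is PHP and was not published with the advisory) uses Python and an in-memory SQLite table to show the difference between splicing searchcontent into the query text and binding it as a parameter. The table schema, the LIKE-based search and the tautology probe are assumptions chosen to illustrate CWE-89 in general; nothing here reproduces the vendor's actual query.

```python
import sqlite3

# Constructed in-memory table standing in for the CRM's user store.
# The real Lingdang CRM schema is not known from the advisory.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    conn.executemany(
        "INSERT INTO users (name, phone) VALUES (?, ?)",
        [("alice", "555-0101"), ("bob", "555-0102"), ("carol", "555-0103")],
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, searchcontent: str) -> list:
    # The CWE-89 anti-pattern: the request parameter is spliced straight into
    # the SQL text, so a quote in it changes the structure of the statement.
    sql = "SELECT name, phone FROM users WHERE name LIKE '%" + searchcontent + "%'"
    return conn.execute(sql).fetchall()


def search_hardened(conn: sqlite3.Connection, searchcontent: str) -> list:
    # SI-10: bound and character-check the input, then bind it as a parameter.
    # The driver sends the value separately, so it can never be parsed as SQL.
    if len(searchcontent) > 64 or not searchcontent.isprintable():
        raise ValueError("rejected searchcontent")
    # LIKE wildcards in user input are escaped so '%' and '_' match literally.
    escaped = (
        searchcontent.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    )
    sql = "SELECT name, phone FROM users WHERE name LIKE ? ESCAPE '\\'"
    return conn.execute(sql, ("%" + escaped + "%",)).fetchall()


# Generic tautology probe used only to show the behavioural difference.
# It is an assumption for this demo, not the payload from the disclosed exploit.
PROBE = "nomatch' OR 1=1 -- "


def demo() -> tuple:
    """Return (rows leaked by the vulnerable search, rows returned by the hardened one)."""
    conn = build_db()
    leaked = search_vulnerable(conn, PROBE)   # WHERE ... LIKE '%nomatch' OR 1=1 -- %'
    safe = search_hardened(conn, PROBE)       # looks for a name containing the probe text
    return len(leaked), len(safe)


if __name__ == "__main__":
    print(demo())
```

With the probe, the concatenated query degenerates to `WHERE name LIKE '%nomatch' OR 1=1` (the rest is commented out) and returns every row, while the parameterized query returns none; an ordinary search such as `ali` behaves identically in both versions, which is the property a fix must preserve.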
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in Lingdang CRM (customer relationship management software) enables exploitation of a public-facing web application (T1190) and facilitates collection of data from CRM repositories (T1213.004).
NVD Description
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1. The manipulation of the argument searchcontent leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-0462 is a SQL injection vulnerability (CWE-74, CWE-89) in Shanghai Lingdang Information Technology's Lingdang CRM versions up to 8.6.0.0. The flaw affects the processing of the /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1 endpoint, where manipulation of the searchcontent argument enables injection. Published on 2025-01-14, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
An attacker with low privileges can exploit this remotely by crafting malicious searchcontent input, potentially achieving limited impacts on confidentiality, integrity, and availability through unauthorized SQL operations.
VulDB advisories (ctiid.291479, id.291479, submit.474254) and a GitHub document (BxYQ/ld/blob/main/ListView_SQL.doc) detail the issue, including a publicly disclosed exploit. The vendor was contacted early but did not respond, and no patch or official mitigation is available at the time of writing. Until one exists, security practitioners should restrict access to the affected endpoint to trusted accounts and networks, and monitor web-server and database activity for anomalous queries and request parameters.
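The monitoring advice above (SI-4) can be turned into a concrete check. The following added example, which is not part of the original advisory or of any vendor tooling, parses web-server access-log lines, isolates requests to the affected /crm/weixinmp/index.php UsersAjax handler, URL-decodes the searchcontent parameter and flags values that carry more than one SQL-structure signal (quotes, comment sequences, SQL keywords). The log lines are constructed; the path and the userid/module/usid/action/minipro_const_type parameters are taken from the NVD description, while the searchcontent values are made-up benign inputs and generic probes, not the disclosed exploit.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (Common Log Format). Only the request path and the
# fixed query parameters come from the NVD description; searchcontent values are
# invented, including a legitimate name with an apostrophe (O'Brien).
SAMPLE_LOG = """\
10.0.0.5 - - [14/Jan/2025:10:01:02 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&searchcontent=zhang HTTP/1.1" 200 512
10.0.0.5 - - [14/Jan/2025:10:01:09 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&searchcontent=zhang%27%20AND%20SLEEP%285%29--%20 HTTP/1.1" 200 512
10.0.0.9 - - [14/Jan/2025:10:02:15 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&searchcontent=li%27%20UNION%20SELECT%201%2C2%2C3--%20 HTTP/1.1" 200 2048
10.0.0.7 - - [14/Jan/2025:10:02:40 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&searchcontent=O%27Brien HTTP/1.1" 200 600
10.0.0.7 - - [14/Jan/2025:10:03:00 +0000] "GET /crm/index.php?module=Home HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

AFFECTED_PATH = "/crm/weixinmp/index.php"


def parse_line(line: str) -> Optional[dict]:
    """Split one Common Log Format line into fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def extract_searchcontent(target: str) -> Optional[str]:
    """Return the decoded searchcontent value when the request hits the affected
    UsersAjax handler of the Users module; otherwise None."""
    parts = urlsplit(target)
    if parts.path != AFFECTED_PATH:
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("module") != ["Users"] or qs.get("action") != ["UsersAjax"]:
        return None
    values = qs.get("searchcontent")
    return values[0] if values else None


def sqli_indicators(value: str) -> list:
    """Name each SQL-structure signal present in a free-text search value."""
    reasons = []
    if re.search(r"['\"]", value):
        reasons.append("quote")
    if re.search(r"--|/\*|#", value):
        reasons.append("comment")
    keywords = re.findall(r"\b(union|select|sleep|benchmark|waitfor|or|and)\b", value, re.I)
    if keywords:
        reasons.append("keyword:" + ",".join(k.lower() for k in keywords))
    return reasons


def detect(log_text: str, min_signals: int = 2) -> list:
    """Return the requests whose searchcontent shows at least min_signals indicators.
    Requiring two signals keeps a lone apostrophe in a surname from alerting."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        searchcontent = extract_searchcontent(rec["target"])
        if searchcontent is None:
            continue
        reasons = sqli_indicators(searchcontent)
        if len(reasons) >= min_signals:
            hits.append({"ip": rec["ip"], "ts": rec["ts"],
                         "searchcontent": searchcontent, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], repr(hit["searchcontent"]), hit["reasons"])
```

The same decoded-parameter logic can be pointed at a WAF or reverse-proxy log; the database-side counterpart is to alert on queries against the user table that contain SLEEP, BENCHMARK or UNION, which the application's own search path should never generate.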
Details
- CWE(s)