Cyber Resilience

CVE-2025-0462

Medium

Published: 14 January 2025

Modified: 28 August 2025
CVSS Score (v4): 5.3
CVSS Vector (v4): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0020 (42.3rd percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0462 is a medium-severity Injection (CWE-74) vulnerability in 51Mis Lingdang Crm. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 42.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-4 (System Monitoring).

Deeper analysis

CVE-2025-0462 is a SQL injection vulnerability (CWE-74, CWE-89) in Shanghai Lingdang Information Technology's Lingdang CRM versions up to 8.6.0.0. The flaw affects the processing of the /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1 endpoint, where manipulation of the searchcontent argument enables injection. Published on 2025-01-14, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

An attacker with low privileges can exploit this remotely by crafting malicious searchcontent input, potentially achieving limited impacts on confidentiality, integrity, and availability through unauthorized SQL operations.

VulDB advisories (ctiid.291479, id.291479, submit.474254) and a GitHub document (BxYQ/ld/blob/main/ListView_SQL.doc) detail the issue, including a publicly disclosed exploit. The vendor was contacted early but provided no response, and no patches or official mitigations are available. Security practitioners should restrict access to the affected endpoint and monitor for anomalous database queries.

Vulnerability details

A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1. The manipulation of the argument searchcontent leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.004: Customer Relationship Management Software (Collection)
Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information.
Why these techniques?

SQL injection in Lingdang CRM (customer relationship management software) enables exploitation of a public-facing web application (T1190) and facilitates collection of data from CRM repositories (T1213.004).

CVEs Like This One

CVE-2025-9140 (same product: 51Mis Lingdang Crm)
CVE-2025-0461 (same product: 51Mis Lingdang Crm)
CVE-2025-0463 (same product: 51Mis Lingdang Crm)
CVE-2026-3150 (shared CWE-74, CWE-89)
CVE-2026-3746 (shared CWE-74, CWE-89)
CVE-2025-2683 (shared CWE-74, CWE-89)
CVE-2026-5238 (shared CWE-74, CWE-89)
CVE-2026-4288 (shared CWE-74, CWE-89)
CVE-2026-2220 (shared CWE-74, CWE-89)
CVE-2025-1535 (shared CWE-74, CWE-89)

Affected Assets

51mis
lingdang crm
8.6.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Requires validation and sanitization of the searchcontent input parameter to directly prevent SQL injection exploitation.

Prevent: Enforces access restrictions to the vulnerable /crm/weixinmp/index.php endpoint, blocking low-privilege users from reaching the injectable UsersAjax action.

Detect: Enables monitoring of system activity to identify anomalous database queries resulting from SQL injection attempts on the searchcontent parameter.
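
One way to apply the detect control above at the web tier, as an added example (not code from the vendor, VulDB or this page): it scans access logs for requests to the affected endpoint and UsersAjax action whose searchcontent value contains SQL syntax. It assumes Combined Log Format and that searchcontent arrives in the query string; the pattern list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint, action and parameter names are taken from the advisory text.
ENDPOINT, ACTION, PARAM = "/crm/weixinmp/index.php", "UsersAjax", "searchcontent"

# Assumption: legitimate searches are names or short phrases, so SQL syntax is anomalous.
SUSPICIOUS = [
    ("quote", re.compile(r"['\"`]")),
    ("comment", re.compile(r"--|#|/\*")),
    ("keyword", re.compile(r"\b(union|select|sleep|benchmark|information_schema)\b", re.I)),
]

# Combined Log Format: client address first, request line in double quotes.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def inspect_line(line):
    """Return (client, value, reasons) if the line is a suspicious hit, else None."""
    m = LINE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if url.path != ENDPOINT or ACTION not in query.get("action", []):
        return None
    for value in query.get(PARAM, []):
        reasons = [name for name, rx in SUSPICIOUS if rx.search(value)]
        if reasons:
            return client, value, reasons
    return None

def scan(lines):
    """Return every suspicious hit found in an iterable of log lines."""
    return [hit for hit in map(inspect_line, lines) if hit]

# Constructed sample lines (documentation IP ranges), not real traffic.
BASE = "/crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1"
SAMPLE_LOG = [
    f'203.0.113.7 - - [15/Jan/2025:10:02:11 +0000] "GET {BASE}&searchcontent=zhang+wei HTTP/1.1" 200 512',
    f'203.0.113.9 - - [15/Jan/2025:10:02:40 +0000] "GET {BASE}&searchcontent=a%27+OR+%271%27%3D%271 HTTP/1.1" 200 9120',
    f'203.0.113.9 - - [15/Jan/2025:10:03:05 +0000] "GET {BASE}&searchcontent=x%27+UNION+SELECT+1--+ HTTP/1.1" 500 0',
    '198.51.100.4 - - [15/Jan/2025:10:04:00 +0000] "GET /crm/index.php?module=Home HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, value, reasons in scan(SAMPLE_LOG):
        print(client, repr(value), reasons)
```

If the application sends searchcontent in a POST body, the same check has to run where the body is visible, such as a reverse proxy or WAF log.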
