CVE-2025-0700
Published: 24 January 2025
Summary
CVE-2025-0700 is a medium-severity Injection (CWE-74) vulnerability in Joeybling Bootplus. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Server Software Component (T1505); ranked at the 36.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 directly prevents SQL injection by requiring validation and sanitization of untrusted inputs like the logId parameter in /admin/sys/log/list.
SI-2 ensures timely identification, prioritization, and remediation of critical flaws such as this SQL injection vulnerability in the bootplus rolling release.
RA-5 mitigates by enabling regular vulnerability scanning to identify SQL injection issues like CVE-2025-0700 in the affected endpoint.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection vulnerability in the bootplus server software component (/admin/sys/log/list) allows remote arbitrary SQL query execution, directly facilitating T1505 (Server Software Component) as declared in the advisory.
NVD Description
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the argument logId leads to sql injection. The attack…
more
may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Deeper analysisAI
CVE-2025-0700 is a SQL injection vulnerability in the JoeyBling bootplus project, affecting commits up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. The issue resides in an unknown functionality of the /admin/sys/log/list file, where manipulation of the logId argument enables the injection. Rated as critical with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), it is associated with CWE-74 and CWE-89. The product uses a rolling release model, so no specific affected or patched version details are available.
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring no user interaction and low attack complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling unauthorized data access, modification, or disruption through SQL injection.
Advisories referenced in GitHub issues at https://github.com/JoeyBling/bootplus/issues/22 and https://github.com/JoeyBling/bootplus/issues/22#issue-2786899884, along with VulDB entries at https://vuldb.com/?ctiid.293228, https://vuldb.com/?id.293228, and https://vuldb.com/?submit.480838, document the issue but provide no explicit mitigation or patch details due to the rolling release nature. The exploit has been publicly disclosed and may be used by attackers.
Notable context includes the public availability of the exploit, published on 2025-01-24, increasing the risk of active exploitation in unpatched instances of bootplus.
Details
- CWE(s)