CVE-2025-0786
Published: 28 January 2025
Summary
CVE-2025-0786 is a medium-severity Injection (CWE-74) vulnerability in ESAFENET CDG. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 20.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly prevents SQL injection by validating and sanitizing inputs like the flowId parameter before processing in /appDetail.jsp.
Requires timely identification, reporting, and correction of flaws such as the SQL injection vulnerability in CVE-2025-0786 to eliminate exploitability.
Scans for and remediates vulnerabilities like CVE-2025-0786, including SQL injection in ESAFENET CDG V5, in accordance with risk-based timelines.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection flaw in a remotely accessible web app (AV:N) directly enables exploitation of public-facing applications for limited data access/modification.
NVD Description
A vulnerability was found in ESAFENET CDG V5. It has been classified as critical. Affected is an unknown function of the file /appDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-0786 is a SQL injection vulnerability (CWE-74, CWE-89) in ESAFENET CDG V5, affecting an unknown function within the file /appDetail.jsp. The issue arises from manipulation of the flowId argument, enabling remote SQL injection attacks. Published on 2025-01-28, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by authenticated attackers with low privileges. No user interaction is required, and the low attack complexity allows for straightforward exploitation, potentially leading to limited impacts on confidentiality, integrity, and availability, such as unauthorized data access or modification.
VulDB advisories and a related GitHub report detail the vulnerability, noting that the exploit has been publicly disclosed and may be used. The vendor was contacted early regarding the issue but provided no response, and no patches or specific mitigations are referenced.
The exploit disclosure increases the risk of active use in the wild, though no confirmed real-world exploitation is reported.
Details
- CWE(s)