Cyber Resilience

CVE-2025-0786

Medium

Published: 28 January 2025

Published
28 January 2025
Modified
16 May 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0006 20.5th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0786 is a medium-severity Injection (CWE-74) vulnerability in Esafenet Cdg. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-0786 is a SQL injection vulnerability (CWE-74, CWE-89) in ESAFENET CDG V5, affecting an unknown function within the file /appDetail.jsp. The issue arises from manipulation of the flowId argument, enabling remote SQL injection attacks. Published on 2025-01-28, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability can be exploited remotely by authenticated attackers with low privileges. No user interaction is required, and the low attack complexity allows for straightforward exploitation, potentially leading to limited impacts on confidentiality, integrity, and availability, such as unauthorized data access or modification.

VulDB advisories and a related GitHub report detail the vulnerability, noting that the exploit has been publicly disclosed and may be used. The vendor was contacted early regarding the issue but provided no response, and no patches or specific mitigations are referenced.

The exploit disclosure increases the risk of active use in the wild, though no confirmed real-world exploitation is reported.

EU & UK References

Vulnerability details

A vulnerability was found in ESAFENET CDG V5. It has been classified as critical. Affected is an unknown function of the file /appDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack…

more

remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection flaw in a remotely accessible web app (AV:N) directly enables exploitation of public-facing applications for limited data access/modification.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-1840Same product: Esafenet Cdg
CVE-2025-0789Same product: Esafenet Cdg
CVE-2025-1844Same product: Esafenet Cdg
CVE-2025-0792Same product: Esafenet Cdg
CVE-2025-0791Same product: Esafenet Cdg
CVE-2025-2927Same product: Esafenet Cdg
CVE-2025-1841Same product: Esafenet Cdg
CVE-2025-0793Same product: Esafenet Cdg
CVE-2025-0788Same product: Esafenet Cdg
CVE-2025-1845Same vendor: Esafenet

Affected Assets

esafenet
cdg
5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents SQL injection by validating and sanitizing inputs like the flowId parameter before processing in /appDetail.jsp.

prevent

Requires timely identification, reporting, and correction of flaws such as the SQL injection vulnerability in CVE-2025-0786 to eliminate exploitability.

preventdetect

Scans for and remediates vulnerabilities like CVE-2025-0786, including SQL injection in ESAFENET CDG V5, in accordance with risk-based timelines.

References