CVE-2025-0788
Published: 28 January 2025
Summary
CVE-2025-0788 is a medium-severity Injection (CWE-74) vulnerability in Esafenet Cdg. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection by validating and sanitizing the untrusted 'id' parameter in /content_top.jsp before processing.
Mandates identification, reporting, and correction of the SQL injection flaw in ESAFENET CDG V5 to eliminate the vulnerability.
Vulnerability scanning detects the SQL injection issue in /content_top.jsp, enabling prioritization and risk-based remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public-facing web app (/content_top.jsp) enables initial access via exploitation of public-facing application (T1190), server software component abuse for execution (T1505 as cited in advisory), and data collection from databases (T1213.006) through arbitrary SQL queries.
NVD Description
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /content_top.jsp. The manipulation of the argument id leads to sql injection. The attack may be…
more
launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-0788 is a SQL injection vulnerability in ESAFENET CDG V5, affecting an unknown functionality within the /content_top.jsp file. The issue arises from manipulation of the "id" argument, classified under CWE-74 and CWE-89. It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-01-28.
The vulnerability enables remote exploitation by an attacker possessing low privileges (PR:L), requiring no user interaction. Successful exploitation results in low impacts to confidentiality, integrity, and availability, allowing limited unauthorized access, modification, or disruption via SQL injection.
References, including a GitHub disclosure at https://github.com/Rain1er/report/blob/main/CDG/content_top.md and VulDB entries (https://vuldb.com/?ctiid.293912, https://vuldb.com/?id.293912, https://vuldb.com/?submit.483341), confirm the exploit has been publicly disclosed and is available for use. The vendor was contacted early regarding the issue but provided no response, with no patches or mitigations detailed in available sources.
Details
- CWE(s)