CVE-2025-0789
Published: 28 January 2025
Summary
CVE-2025-0789 is a medium-severity Injection (CWE-74) vulnerability in Esafenet Cdg. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates SQL injection in the 'flowId' parameter by requiring validation of all information inputs at web application entry points like /doneDetail.jsp.
Boundary protection mechanisms such as web application firewalls monitor and block malicious SQL injection payloads targeting parameters like 'flowId' at external interfaces.
Requires timely identification, reporting, and correction of flaws like this SQL injection vulnerability through patches or compensating controls such as input sanitization.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote SQL injection in a web application endpoint enables exploitation of public-facing apps for initial access and limited data impact.
NVD Description
A vulnerability classified as critical has been found in ESAFENET CDG V5. This affects an unknown part of the file /doneDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to initiate the attack remotely. The…
more
exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-0789 is a critical SQL injection vulnerability in ESAFENET CDG V5, specifically affecting an unknown functionality within the /doneDetail.jsp file. The issue arises from improper handling of the 'flowId' parameter, which an attacker can manipulate to inject malicious SQL code. Classified under CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-89 (SQL Injection), it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), indicating medium severity despite the critical label.
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring no user interaction and low attack complexity over the network. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, potentially allowing unauthorized data access, modification, or disruption through SQL injection. The exploit has been publicly disclosed and is available for use, increasing the risk of active attacks.
Advisories from VulDB (ctiid.293913, id.293913, submit.483342) and a GitHub report detail the vulnerability, including proof-of-concept exploitation steps in /doneDetail.md. The vendor was notified early but has not responded or issued any patches, leaving affected systems without official mitigations; practitioners should implement input validation, parameterized queries, or restrict access to the endpoint as interim measures.
Details
- CWE(s)