Cyber Posture

CVE-2025-0791

MediumPublic PoC

Published: 29 January 2025

Published
29 January 2025
Modified
23 May 2025
KEV Added
Patch
CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0005 14.9th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0791 is a medium-severity Injection (CWE-74) vulnerability in Esafenet Cdg. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents SQL injection by requiring validation of untrusted inputs like the flowId argument in /sdDoneDetail.jsp.

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and correction of the specific SQL injection flaw in ESAFENET CDG V5.

RA-5 Vulnerability Monitoring and Scanning good match
detect

Vulnerability scanning detects SQL injection vulnerabilities like CVE-2025-0791 in the application for remediation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Direct remote SQL injection in a web/JSP endpoint (public-facing application) with low privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be initiated remotely.…

more

The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-0791 is a SQL injection vulnerability classified as critical in ESAFENET CDG V5. It affects the processing of the file /sdDoneDetail.jsp, where manipulation of the flowId argument enables the injection. The issue is associated with CWE-74 and CWE-89.

The vulnerability allows remote exploitation with low attack complexity and requires low privileges (PR:L), as indicated by its CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). An attacker with network access and minimal authentication can inject SQL payloads to achieve limited impacts on confidentiality, integrity, and availability.

Advisories on VulDB and a GitHub report by Rain1er document the vulnerability, including proof-of-concept details in sdDoneDetail.md. The exploit has been publicly disclosed and may be used, but the vendor was contacted early without any response or patch information provided.

Details

CWE(s)
CWE-74CWE-89

Affected Products

esafenet
cdg
5

CVEs Like This One

CVE-2025-0789Same product: Esafenet Cdg
CVE-2025-1840Same product: Esafenet Cdg
CVE-2025-1844Same product: Esafenet Cdg
CVE-2025-0786Same product: Esafenet Cdg
CVE-2025-0792Same product: Esafenet Cdg
CVE-2025-2927Same product: Esafenet Cdg
CVE-2025-1841Same product: Esafenet Cdg
CVE-2025-0788Same product: Esafenet Cdg
CVE-2025-0793Same product: Esafenet Cdg
CVE-2025-1845Same vendor: Esafenet

References