Cyber Posture

CVE-2025-0792

Severity: Medium · Public PoC

Published: 29 January 2025
Modified: 23 May 2025
KEV Added: not listed
Patch: none documented
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0005 (16.3th percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0792 is a medium-severity Injection (CWE-74) vulnerability in Esafenet Cdg. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 16.3th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog, but a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

- prevent (SI-10, Information Input Validation): Directly prevents SQL injection by validating and sanitizing the manipulable flowId input parameter before processing in database queries.
- prevent (SI-2, Flaw Remediation): Requires identification, reporting, and correction of critical flaws like this SQL injection vulnerability in /sdTodoDetail.jsp.
- detect: Enables vulnerability scanning to identify SQL injection flaws such as CVE-2025-0792 for timely remediation.

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Direct remote SQL injection in a web application (public-facing JSP endpoint) enables initial access via exploitation of the vulnerable input (flowId).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability, which was classified as critical, was found in ESAFENET CDG V5. Affected is an unknown function of the file /sdTodoDetail.jsp. The manipulation of the argument flowId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysis (AI)

CVE-2025-0792 is a critical SQL injection vulnerability (CWE-74, CWE-89) in ESAFENET CDG V5, affecting an unknown function within the file /sdTodoDetail.jsp. The flaw is triggered by manipulation of the flowId argument, enabling SQL injection attacks. It was published on 2025-01-29 and carries a CVSS 3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability is exploitable remotely by attackers possessing low privileges, such as authenticated users with basic access. Exploitation requires low complexity and no user interaction, allowing limited impacts: low confidentiality (partial data exposure), integrity (minor modifications), and availability (slight service disruption).

Advisories from VulDB and a GitHub report describe the proof-of-concept exploit, which has been publicly disclosed and may be actively used. The vendor was notified early regarding the issue but provided no response, so no official patches or mitigation steps are documented in the available references.

Details

CWE(s): CWE-74 (Injection), CWE-89 (SQL Injection)

Affected Products: esafenet cdg 5 (vendor: esafenet, product: cdg, version: 5)

CVEs Like This One

- CVE-2025-0789 (same product: Esafenet Cdg)
- CVE-2025-0791 (same product: Esafenet Cdg)
- CVE-2025-1840 (same product: Esafenet Cdg)
- CVE-2025-1844 (same product: Esafenet Cdg)
- CVE-2025-0786 (same product: Esafenet Cdg)
- CVE-2025-2927 (same product: Esafenet Cdg)
- CVE-2025-1841 (same product: Esafenet Cdg)
- CVE-2025-0788 (same product: Esafenet Cdg)
- CVE-2025-0793 (same product: Esafenet Cdg)
- CVE-2025-1845 (same vendor: Esafenet)

References