Cyber Resilience

CVE-2025-1117

Severity: Medium
Published: 08 February 2025
Modified: 15 April 2026
CVSS v4.0 score: 6.9 (Medium), vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0009 (percentile 25.1)
Risk priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1117 is a medium-severity injection vulnerability, classified under CWE-74 (Injection) with CWE-89 (SQL Injection) as the specific weakness. Its CVSS v4.0 base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 25.1 percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-1117 is a SQL injection vulnerability in CoinRemitter versions 0.0.1 and 0.0.2 running on OpenCart, rated "critical" on VulDB's own scale. The flaw arises from improper neutralization of the 'coin' request argument in an unknown component of the plugin: the value reaches a SQL query without being escaped or bound as a parameter, so an attacker who controls it can alter the query. Mapped to CWE-74 and CWE-89, it carries a CVSS v3.1 base score of 7.3 (High; AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and a CVSS v4.0 score of 6.9 (Medium). Exploitation is network-based and requires neither authentication nor user interaction.

Unauthenticated remote attackers can exploit this vulnerability by manipulating the 'coin' parameter in requests to affected CoinRemitter instances on OpenCart. The vector rates confidentiality, integrity and availability impact as low (C:L/I:L/A:L): successful exploitation grants limited read access to data the query touches, limited data alteration, and limited availability impact. How far that actually extends in practice depends on the database backend and the privileges of the OpenCart database account.
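To make the class of flaw concrete, here is an added example (not CoinRemitter's code; the plugin's real schema and query are not published) that models an injectable lookup on a 'coin' parameter beside two fixes: binding the value as a query parameter, and putting an allow-list check in front of that (the SI-10 control named later on this page). The table, the rows and the ticker allow-list pattern are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed stand-in table. CoinRemitter's real schema and the query behind
# the 'coin' parameter are not published; this models the class of flaw
# (CWE-89) the advisory describes, not the plugin's actual code.
_SEED_ROWS = [
    ("BTC", "Bitcoin", 1),
    ("ETH", "Ethereum", 1),
    ("XYZ", "Disabled coin", 0),
]


def _fresh_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE coin (symbol TEXT, name TEXT, enabled INTEGER)")
    con.executemany("INSERT INTO coin VALUES (?, ?, ?)", _SEED_ROWS)
    return con


def vulnerable_lookup(coin):
    """The injectable pattern: the request parameter is concatenated into the
    SQL text, so quotes and comment markers in it become part of the query."""
    sql = ("SELECT symbol, name FROM coin WHERE enabled = 1 AND symbol = '"
           + coin + "'")
    return _fresh_db().execute(sql).fetchall()


def bound_lookup(coin):
    """Minimal fix: the value is bound by the driver and never enters the SQL
    text, so the database treats it purely as data to compare against."""
    sql = "SELECT symbol, name FROM coin WHERE enabled = 1 AND symbol = ?"
    return _fresh_db().execute(sql, (coin,)).fetchall()


# Allow-list for a coin ticker: short and alphanumeric. This shape is an
# assumption, not taken from CoinRemitter; adjust to what the plugin accepts.
ALLOWED_COIN = re.compile(r"[A-Z0-9]{2,10}")


def hardened_lookup(coin):
    """Input validation in front of the bound query: reject anything that is
    not a plausible ticker before it reaches the database at all."""
    if not ALLOWED_COIN.fullmatch(coin):
        raise ValueError("rejected coin parameter: %r" % coin)
    return bound_lookup(coin)


def demo():
    """Run a legitimate value and one classic payload through all three paths."""
    payload = "' OR 1=1 -- "
    try:
        hardened_lookup(payload)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "legit_rows": vulnerable_lookup("BTC"),
        "vulnerable_rows": len(vulnerable_lookup(payload)),  # whole table leaks
        "bound_rows": len(bound_lookup(payload)),            # no such symbol
        "hardened_rejected": rejected,
        "hardened_legit": hardened_lookup("BTC"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With the payload, the concatenated query becomes `... WHERE enabled = 1 AND symbol = '' OR 1=1 -- '`, which returns every row including the disabled one; the bound query returns nothing because no symbol equals the literal payload string, and the hardened path never issues a query at all. Binding alone closes the injection; the allow-list is defence in depth and also gives a clean point at which to log probes.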

VulDB advisories and the CoinRemitter GitHub release recommend upgrading to version 0.0.3, which addresses the issue. A proof-of-concept exploit has been publicly disclosed via a GitHub Gist, which lowers the bar for opportunistic attacks on unpatched e-commerce sites running the vulnerable module and makes prompt upgrading the priority.


Vulnerability details

A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.3 is able to address this issue. It is recommended to upgrade the affected component.

CWE(s): CWE-74 (Injection), CWE-89 (SQL Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated SQL injection in a public-facing OpenCart web plugin directly enables remote exploitation of the application over the network.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3150 (shared CWE-74, CWE-89)
CVE-2026-3746 (shared CWE-74, CWE-89)
CVE-2025-2683 (shared CWE-74, CWE-89)
CVE-2026-5238 (shared CWE-74, CWE-89)
CVE-2026-4288 (shared CWE-74, CWE-89)
CVE-2026-2220 (shared CWE-74, CWE-89)
CVE-2025-1535 (shared CWE-74, CWE-89)
CVE-2026-0597 (shared CWE-74, CWE-89)
CVE-2026-1688 (shared CWE-74, CWE-89)
CVE-2026-5018 (shared CWE-74, CWE-89)

Affected Assets: CoinRemitter 0.0.1 and 0.0.2 on OpenCart (fixed in 0.0.3)

Mitigating Controls (NIST 800-53 r5)

prevent: Timely flaw remediation, here by upgrading CoinRemitter to version 0.0.3, removes the SQL injection flaw outright.

prevent (SI-10, Information Input Validation): Validate the 'coin' parameter against the values the plugin legitimately accepts, and bind it as a query parameter rather than concatenating it into SQL, so manipulated requests are neutralized before they reach the database.

detect (RA-5, Vulnerability Monitoring and Scanning): Vulnerability scanning identifies OpenCart installations still running CoinRemitter 0.0.1 or 0.0.2 so they can be prioritized for the upgrade.
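On the detection side, the T1190 mapping above and the RA-5 control here both come down to two checks a practitioner can script: whether an installed version is affected, and whether anyone is already probing the 'coin' parameter in web-server logs. The following is an added example (not from the page or the CoinRemitter project) that runs both over constructed access-log lines. The route `extension/payment/coinremitter` in those lines is an assumed OpenCart-style path, not taken from the plugin; the check keys on the 'coin' parameter alone and does not depend on the route being right.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines in combined format. The coinremitter route is
# an assumed path; the percent-encoded payloads on the 2nd and 4th lines are
# the kind of probe an attacker or scanner sends against the coin parameter.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Feb/2025:10:12:31 +0000] "GET /index.php?route=extension/payment/coinremitter&coin=BTC HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Feb/2025:10:12:40 +0000] "GET /index.php?route=extension/payment/coinremitter&coin=BTC%27%20OR%201%3D1%20--%20 HTTP/1.1" 200 4096 "-" "python-requests/2.31"',
    '198.51.100.4 - - [09/Feb/2025:10:13:02 +0000] "GET /index.php?route=product/product&product_id=42 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Feb/2025:10:13:15 +0000] "GET /index.php?route=extension/payment/coinremitter&coin=ETH%20UNION%20SELECT%201%2C2%2C3 HTTP/1.1" 500 120 "-" "sqlmap/1.8"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Same allow-list idea as the input-validation control: a ticker is short and
# alphanumeric. Assumed shape; anything else in 'coin' is treated as a probe.
ALLOWED_COIN = re.compile(r"[A-Za-z0-9]{2,10}")


def coin_param(target):
    """Return the decoded 'coin' value from a request target, or None if absent."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    values = qs.get("coin")
    return values[0] if values else None


def scan_access_log(lines):
    """Flag every request whose 'coin' parameter fails the allow-list."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        value = coin_param(m.group("target"))
        if value is None or ALLOWED_COIN.fullmatch(value):
            continue
        hits.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "coin": value,
            "status": int(m.group("status")),
        })
    return hits


def version_is_affected(version):
    """Version gate a scanner would apply: 0.0.1 and 0.0.2 are affected,
    0.0.3 carries the fix, per the advisory."""
    return tuple(int(p) for p in version.split(".")) < (0, 0, 3)


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
    for v in ("0.0.1", "0.0.2", "0.0.3"):
        print(v, "affected" if version_is_affected(v) else "fixed")
```

Two of the four constructed lines are flagged: the quote-and-comment payload and the UNION probe. Note that the first of those returned HTTP 200 with a larger body than the legitimate request, while the second returned 500; a blind injection that succeeds looks like normal traffic at the status-code level, which is why the rule inspects the parameter value rather than relying on error responses. If the plugin legitimately accepts ticker formats outside the assumed pattern, widen the allow-list before deploying this, or the rule will page on real customers.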
