CVE-2025-1117
Published: 08 February 2025
Summary
CVE-2025-1117 is a medium-severity Injection (CWE-74) vulnerability. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 25.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-1117 is a critical SQL injection vulnerability in CoinRemitter versions 0.0.1 and 0.0.2 running on OpenCart. The flaw arises from improper neutralization of the 'coin' argument in an unknown component, allowing attackers to manipulate SQL queries. Mapped to CWE-74 and CWE-89, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), enabling network-based exploitation without authentication or user interaction.
Unauthenticated remote attackers can exploit this vulnerability by manipulating the 'coin' parameter in requests to affected CoinRemitter instances on OpenCart. Successful exploitation grants limited access to confidential data, moderate integrity disruptions such as data alteration, and low availability impacts like denial of service, depending on the database backend and privileges.
VulDB advisories and the CoinRemitter GitHub release recommend upgrading to version 0.0.3, which addresses the issue. A proof-of-concept exploit has been publicly disclosed via a GitHub Gist, increasing the risk of widespread abuse.
The exploit's public availability heightens the urgency for patching, as it may facilitate immediate attacks on unpatched e-commerce sites using vulnerable CoinRemitter modules.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2015
Vulnerability details
A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.3 is able to address this issue. It is recommended to upgrade the affected component.
- CWE(s): CWE-74 (Injection), CWE-89 (SQL Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
Unauthenticated SQL injection in a public-facing OpenCart web plugin directly enables remote exploitation of the application over the network.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Directly requires timely remediation of the critical SQL injection flaw by upgrading CoinRemitter to version 0.0.3.
- SI-10 (Information Input Validation): mandates validation of the 'coin' parameter to neutralize SQL injection manipulations in requests.
- RA-5 (Vulnerability Monitoring and Scanning): enables vulnerability scanning to identify the SQL injection issue in CoinRemitter 0.0.1/0.0.2 on OpenCart.
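As an added illustration (not code from this page, CoinRemitter or OpenCart) of the SI-10 allowlist check on the 'coin' parameter and of spotting T1190-style probing of it in web-server logs while the upgrade to 0.0.3 is rolled out, the Python below scans constructed access-log lines. The route path, the log layout and the coin-ticker pattern are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not from the advisory). The route
# "extension/payment/coinremitter" is a hypothetical OpenCart-style path
# chosen for illustration; only the 'coin' parameter comes from the advisory.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Feb/2025:10:00:01 +0000] "GET /index.php?route=extension/payment/coinremitter&coin=BTC HTTP/1.1" 200 512
203.0.113.11 - - [08/Feb/2025:10:00:05 +0000] "GET /index.php?route=extension/payment/coinremitter&coin=BTC%27%20OR%201%3D1-- HTTP/1.1" 200 2048
203.0.113.12 - - [08/Feb/2025:10:00:09 +0000] "GET /index.php?route=extension/payment/coinremitter&coin=LTC HTTP/1.1" 200 512
203.0.113.13 - - [08/Feb/2025:10:00:12 +0000] "GET /index.php?route=extension/payment/coinremitter&coin=ETH%22%20UNION%20SELECT%201 HTTP/1.1" 500 301
203.0.113.14 - - [08/Feb/2025:10:00:20 +0000] "GET /index.php?route=common/home HTTP/1.1" 200 4096
"""

# Allowlist for a coin ticker: a short alphanumeric token and nothing else.
# An allowlist (the SI-10 approach) beats a blocklist of SQL keywords, which
# is easy to bypass and easy to over-match.
COIN_ALLOWED = re.compile(r"^[A-Za-z0-9]{2,10}$")

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def coin_param_is_valid(value: str) -> bool:
    """Return True when the URL-decoded 'coin' value fits the allowlist."""
    return COIN_ALLOWED.match(value) is not None

def find_suspicious_coin_requests(log_text: str) -> list[dict]:
    """Return every request whose 'coin' parameter fails the allowlist.
    parse_qs decodes percent-encoding, so the check sees the real value."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unrecognised line: skip it rather than abort the scan
        query = urlsplit(m.group("target")).query
        for coin in parse_qs(query, keep_blank_values=True).get("coin", []):
            if not coin_param_is_valid(coin):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "coin": coin, "status": int(m.group("status"))})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_coin_requests(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} coin={hit['coin']!r} status={hit['status']}")
```

The same allowlist belongs in the request handler itself; the log scan only tells you who probed the parameter and whether the server answered with an error or an unusually large page.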