Cyber Posture

CVE-2025-1389

High

Published: 17 February 2025

Published
17 February 2025
Modified
17 November 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 12.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1389 is a high-severity SQL Injection (CWE-89) vulnerability in Learningdigital Orca Hcm. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents SQL injection by validating and sanitizing user inputs at entry points to block arbitrary SQL command execution.

SI-2 Flaw Remediation good match
prevent

Ensures timely identification, reporting, and patching of the specific SQL injection flaw in Orca HCM as described in CVE-2025-1389.

SI-5 Security Alerts, Advisories, and Directives good match
prevent

Facilitates obtaining and implementing vendor advisories and patches for known vulnerabilities like CVE-2025-1389 to prevent exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
attack.mitre.org →
Why these techniques?

SQL injection in a network-accessible web application directly maps to T1190 for initial access via public-facing app exploitation; arbitrary SQL execution on the database enables T1213.006 for direct data access/manipulation from information repositories.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.

Deeper analysisAI

CVE-2025-1389 is a SQL injection vulnerability (CWE-89) affecting Orca HCM, a human capital management software product from Learning Digital. Published on 2025-02-17, the flaw enables attackers to inject arbitrary SQL commands into the application, allowing them to read, modify, and delete database contents. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to its network accessibility, low complexity, and significant impacts on confidentiality, integrity, and availability.

Attackers with low (regular) privileges can exploit this vulnerability remotely without requiring user interaction. Exploitation involves crafting malicious SQL inputs that execute arbitrary commands on the underlying database, potentially granting unauthorized access to sensitive data, altering records, or causing data loss across the affected system.

Advisories detailing mitigations and patches are available from TWCERT/CC at https://www.twcert.org.tw/en/cp-139-8432-4b516-2.html and https://www.twcert.org.tw/tw/cp-132-8431-61e42-1.html.

Details

CWE(s)
CWE-89

Affected Products

learningdigital
orca hcm
≤ 11.0

CVEs Like This One

CVE-2025-1387Same product: Learningdigital Orca Hcm
CVE-2025-1388Same product: Learningdigital Orca Hcm
CVE-2026-23492Shared CWE-89
CVE-2019-25541Shared CWE-89
CVE-2025-25116Shared CWE-89
CVE-2025-52025Shared CWE-89
CVE-2025-56316Shared CWE-89
CVE-2026-0702Shared CWE-89
CVE-2025-67146Shared CWE-89
CVE-2026-25936Shared CWE-89

References