CVE-2025-15493
Published: 09 January 2026
Summary
CVE-2025-15493 is a medium-severity Injection (CWE-74) vulnerability in Docsys Project Docsys. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-15493 is a SQL injection vulnerability affecting RainyGao DocSys versions up to 2.02.36. The flaw resides in an unknown function within the file src/com/DocSystem/mapping/ReposAuthMapper.xml, where manipulation of the searchWord argument enables injection. This issue, classified under CWE-74 and CWE-89, has a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), indicating medium severity with network accessibility and low complexity.
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L). Successful exploitation allows limited impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or disruption via injected SQL payloads targeting the searchWord parameter.
Advisories from VulDB and related references, including a GitHub repository, detail the vulnerability analysis and provide a published exploit, but no patches or vendor mitigations are mentioned. The vendor was contacted early regarding disclosure but did not respond.
An exploit has been publicly released and may be actively used, highlighting the need for immediate scrutiny of affected DocSys deployments.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1716
Vulnerability details
A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the…
more
attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in a web-accessible DocSys component directly enables remote exploitation of a public-facing application (T1190) with low-privilege network access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of the searchWord input parameter before it reaches the SQL query in ReposAuthMapper.xml, blocking the injection payload.
Enables monitoring of database query patterns and anomalies that would reveal successful exploitation of the searchWord parameter.
Restricts the database account used by DocSys to the minimum privileges needed, limiting the impact of any successful SQL injection via searchWord.