CVE-2025-1821
Published: 02 March 2025
Summary
CVE-2025-1821 is a medium-severity Injection (CWE-74) vulnerability in Zframeworks Zz. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates validation of the userID input to block SQL injection manipulations in the getUserOrgForUserId function.
Requires timely identification, reporting, and correction of the SQL injection flaw in ZorgAction.java to prevent exploitation.
Vulnerability scanning detects the publicly disclosed SQL injection in zj1983 zz for subsequent remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in front-end web endpoint (/getUserOrgForUserId) enables exploitation of public-facing application (T1190), abuse of server software component (T1505), and collection from databases (T1213.006).
NVD Description
A vulnerability was found in zj1983 zz up to 2024-8 and classified as critical. Affected by this issue is the function getUserOrgForUserId of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userID leads to sql injection. The attack may be…
more
launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-1821 is a critical SQL injection vulnerability in zj1983 zz versions up to 2024-8. The flaw affects the getUserOrgForUserId function in the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java, where manipulation of the userID argument triggers the injection.
Attackers can exploit this remotely over the network with low attack complexity, requiring low privileges but no user interaction. Per the CVSS 3.1 score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), successful exploitation enables limited impacts on confidentiality, integrity, and availability. The issue maps to CWEs-74 and CWE-89.
VulDB advisories and a GitHub disclosure detail the exploit, which has been made public and may be used. The vendor was contacted early regarding the issue but provided no response, and no patches or specific mitigations are referenced.
Details
- CWE(s)