CVE-2025-1831
Published: 02 March 2025
Summary
CVE-2025-1831 is a medium-severity Injection (CWE-74) vulnerability in Zframeworks Zz. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection by requiring validation and sanitization of inputs like the user_id parameter in the GetDBUser function.
Requires timely identification, reporting, and remediation of flaws such as this unpatched SQL injection vulnerability.
Supports detection of SQL injection exploitation through monitoring for anomalous database activity and attack indicators.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection vulnerability in public-facing web application endpoint (/UserLoginJson, ZorgAction.java GetDBUser via user_id) enables remote code exploitation for initial access (T1190) and arbitrary database queries for data collection (T1213.006).
NVD Description
A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack…
more
remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-1831 is a SQL injection vulnerability classified as critical in the zj1983 zz software up to version 2024-8. The issue resides in the GetDBUser function within the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java, where manipulation of the user_id argument enables the injection. Recent input validation failures allow attackers to craft malicious payloads, as mapped to CWE-74 and CWE-89. The vulnerability carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-03-02.
Exploitation requires low privileges (PR:L) and can be performed remotely over the network with low complexity and no user interaction. An attacker with authenticated access at a low level could manipulate the user_id parameter to execute arbitrary SQL queries, potentially leading to limited confidentiality, integrity, and availability impacts, such as unauthorized data access, modification, or denial of service on the database.
Advisories from VulDB and related GitHub repositories, including proof-of-concept details in ZZ_2024_8前台SQL注入2.md, confirm the exploit has been publicly disclosed and is available for use. The vendor was notified early but provided no response or patch, leaving affected systems without official mitigation. Security practitioners should isolate instances, apply network controls, and monitor for anomalous database activity until updates emerge.
The public disclosure of the exploit increases the risk of active targeting, particularly for exposed deployments of this lesser-known Java-based application. No evidence of widespread real-world exploitation is noted in available sources.
Details
- CWE(s)