Cyber Posture

CVE-2025-1840

High

Published: 03 March 2025

Published
03 March 2025
Modified
05 June 2025
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0007 21.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1840 is a high-severity Injection (CWE-74) vulnerability in Esafenet Cdg. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates SQL injection by validating the flowId argument in updateorg.jsp before database processing.

SI-2 Flaw Remediation good match
prevent

Ensures timely patching and remediation of the specific SQL injection flaw in ESAFENET CDG 5.6.3.154.205.

SI-9 Information Input Restrictions partial match
prevent

Restricts flowId input to safe formats, blocking malicious SQL payloads from exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Direct remote unauthenticated SQL injection in a public-facing web application (updateorg.jsp) enables initial access via exploitation of a public-facing app.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be…

more

launched remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-1840 is a critical SQL injection vulnerability (CWE-74, CWE-89) affecting ESAFENET CDG version 5.6.3.154.205. The issue resides in an unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp, where manipulation of the flowId argument triggers the injection. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-03-03.

The vulnerability can be exploited remotely by unauthenticated attackers with network access, requiring low complexity and no user interaction. Exploitation via crafted flowId manipulation enables limited impacts on confidentiality, integrity, and availability through SQL injection.

Advisories and exploit details are available via VulDB (https://vuldb.com/?ctiid.298106, https://vuldb.com/?id.298106, https://vuldb.com/?submit.504384) and a GitHub report (https://github.com/Rain1er/report/blob/main/CDG/dXBkYXRlb3JnLmpzcA%3D%3D.md). The exploit has been publicly disclosed and may be used, with no specific patch or mitigation guidance detailed in the provided references.

Details

CWE(s)
CWE-74CWE-89

Affected Products

esafenet
cdg
5.6.3.154.205

CVEs Like This One

CVE-2025-0789Same product: Esafenet Cdg
CVE-2025-0791Same product: Esafenet Cdg
CVE-2025-1844Same product: Esafenet Cdg
CVE-2025-0786Same product: Esafenet Cdg
CVE-2025-0792Same product: Esafenet Cdg
CVE-2025-2927Same product: Esafenet Cdg
CVE-2025-1841Same product: Esafenet Cdg
CVE-2025-0788Same product: Esafenet Cdg
CVE-2025-0793Same product: Esafenet Cdg
CVE-2025-1845Same vendor: Esafenet

References