CVE-2025-1841
Published: 03 March 2025
Summary
CVE-2025-1841 is a high-severity Injection (CWE-74) vulnerability in Esafenet Cdg. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of user-supplied inputs like startDate and endDate parameters to prevent SQL injection exploitation in the ClientSortLog.jsp endpoint.
Mandates identification, reporting, and correction of the specific SQL injection flaw in ESAFENET CDG 5.6.3.154.205 to eliminate the vulnerability.
Enables scanning for SQL injection vulnerabilities like CVE-2025-1841 and timely remediation to address publicly disclosed exploits.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote SQL injection in public-facing web application (ClientSortLog.jsp) enables exploitation of public-facing applications (T1190) and server software component abuse for execution, including potential RCE on MSSQL as noted in advisories.
NVD Description
A vulnerability classified as critical has been found in ESAFENET CDG 5.6.3.154.205. This affects an unknown part of the file /CDGServer3/logManagement/ClientSortLog.jsp. The manipulation of the argument startDate/endDate leads to sql injection. It is possible to initiate the attack remotely. The…
more
exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-1841 is a SQL injection vulnerability classified as critical in ESAFENET CDG version 5.6.3.154.205. The issue resides in an unknown part of the file /CDGServer3/logManagement/ClientSortLog.jsp, where manipulation of the startDate and endDate arguments enables SQL injection. It is associated with CWE-74 (Improper Neutralization of Special Elements) and CWE-89 (SQL Injection), with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by unauthenticated attackers with low complexity, requiring no privileges or user interaction. By sending crafted requests to the affected JSP endpoint with malicious startDate or endDate values, attackers can inject SQL payloads, potentially leading to limited impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or denial of service.
Advisories and details are available through VulDB entries (ctiid.298107, id.298107, submit.504385) and GitHub reports at Rain1er/report repositories, which disclose the exploit publicly for potential use. No specific patch or mitigation details are outlined in the core vulnerability data.
The exploit has been disclosed to the public, increasing the risk of active exploitation against exposed instances of the affected ESAFENET CDG software.
Details
- CWE(s)