CVE-2025-1844
Published: 03 March 2025
Summary
CVE-2025-1844 is a medium-severity Injection (CWE-74) vulnerability in ESAFENET CDG. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 28.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates SQL injection by validating the logTaskId input parameter in backupLogDetail.jsp to ensure it conforms to expected formats and rejects malicious payloads.
- Requires timely identification, prioritization, and remediation of the SQL injection flaw in ESAFENET CDG, including workarounds since no vendor patch is available.
- Enforces least privilege on application and database accounts to limit the confidentiality, integrity, and availability impacts of successful SQL injection exploitation.
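An added example, not part of the original entry or of any vendor code: with no patch available, the same allow-list idea can be applied to web access logs to find requests to the affected page whose logTaskId does not look like a plain identifier. The numeric-id format, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter name are taken from the advisory text.
VULN_PATH = "/cdgserver3/logmanagement/backuplogdetail.jsp"
PARAM = "logTaskId"
# Assumption (not stated on the page): a legitimate logTaskId is a short decimal id.
VALID_ID = re.compile(r"[0-9]{1,18}")
# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')


def suspicious_values(line):
    """Return the logTaskId values in one log line that fail the allow-list."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    # Decode the path, drop ;jsessionid-style suffixes, compare case-insensitively.
    path = unquote(url.path).split(";", 1)[0].lower()
    if path != VULN_PATH:
        return []
    # parse_qs percent-decodes once and returns every repeat of the parameter;
    # keep_blank_values makes an empty "logTaskId=" visible as well.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not VALID_ID.fullmatch(v)]


def scan(lines):
    """Yield (line_number, bad_values) for every log line that needs review."""
    for n, line in enumerate(lines, 1):
        bad = suspicious_values(line)
        if bad:
            yield n, bad


# Constructed sample lines (documentation addresses, not real traffic).
BASE = "/CDGServer3/logManagement/backupLogDetail.jsp"
SAMPLE = [
    f'203.0.113.10 - - [03/Mar/2025:10:00:01 +0000] "GET {BASE}?logTaskId=42 HTTP/1.1" 200 512',
    f'203.0.113.11 - - [03/Mar/2025:10:00:05 +0000] "GET {BASE}?logTaskId=42%27 HTTP/1.1" 500 0',
    f'203.0.113.12 - - [03/Mar/2025:10:00:09 +0000] "GET {BASE};jsessionid=AB12?logTaskId=1&logTaskId=x%20y HTTP/1.1" 200 10',
    '203.0.113.13 - - [03/Mar/2025:10:00:12 +0000] "GET /CDGServer3/index.jsp?logTaskId=abc HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for lineno, bad in scan(SAMPLE):
        print(f"line {lineno}: unexpected {PARAM} value(s) {bad!r}")
```

Access logs normally record only the query string, so a parameter sent in a POST body would not be seen by this check and needs request-body logging or a filter in front of the application.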
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in a web application component directly enables remote exploitation of a public-facing server.
NVD Description
A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Affected is an unknown function of the file /CDGServer3/logManagement/backupLogDetail.jsp. The manipulation of the argument logTaskId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-1844 is a SQL injection vulnerability (classified under CWE-74 and CWE-89) affecting ESAFENET CDG version 5.6.3.154.205_20250114. The flaw resides in an unknown function within the file /CDGServer3/logManagement/backupLogDetail.jsp, where manipulation of the logTaskId argument enables SQL injection. The vulnerability was published on 2025-03-03. The NVD description labels it critical, while its CVSS v3.1 base score is 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), which is Medium.
An attacker with low-privilege authenticated access (PR:L) can exploit this remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N). Successful exploitation grants limited impacts on confidentiality, integrity, and availability (C:L/I:L/A:L), potentially allowing unauthorized data access, modification, or disruption within the affected log management component.
VulDB advisories and related references, including a GitHub disclosure at https://github.com/666lail/report/blob/main/tmp/1.md, confirm the exploit has been publicly released and may be used. The vendor was notified early but provided no response, and no patches or official mitigations are available.
The public exploit disclosure heightens risk for ESAFENET CDG deployments running the affected version, particularly in environments relying on this log management functionality.
Details
- CWE(s)