CVE-2025-2601

MediumPublic PoC

Published: 21 March 2025

Published

21 March 2025

Modified

14 May 2025

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0006 18.6th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2601 is a medium-severity Injection (CWE-74) vulnerability in Mayurik Advocate Office Management System. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 directly and comprehensively prevents SQL injection by validating and sanitizing all inputs, including the vulnerable ID argument in activate_reg.php.

SI-2 Flaw Remediation good match

prevent

SI-2 mandates timely flaw remediation to patch or fix the specific SQL injection vulnerability in Kortex Lite's activate_reg.php.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

RA-5 vulnerability scanning detects SQL injection flaws like CVE-2025-2601 in web applications such as Kortex Lite.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

T1505 Server Software Component Persistence

Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

SQL injection in public-facing web app (activate_reg.php) enables remote exploitation (T1190, T1505) and unauthorized database queries for data collection/extraction (T1213.006), with potential CIA impacts.

NVD Description

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file activate_reg.php. The manipulation of the argument ID leads to sql injection. It is possible…

to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-2601 is a critical SQL injection vulnerability (CWE-74, CWE-89) in SourceCodester Kortex Lite Advocate Office Management System 1.0. The flaw affects an unknown part of the file activate_reg.php, where manipulation of the ID argument enables SQL injection.

The vulnerability is remotely exploitable over the network with low attack complexity and requires low privileges (PR:L) but no user interaction. Attackers can achieve low impacts on confidentiality, integrity, and availability, as reflected in its CVSS 3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

Advisories and details are available via VulDB entries (https://vuldb.com/?ctiid.300585, https://vuldb.com/?id.300585, https://vuldb.com/?submit.517959) and a GitHub issue (https://github.com/Hefei-Coffee/cve/issues/10), along with the vendor site (https://www.sourcecodester.com/).

The exploit has been publicly disclosed and may be used.

Details

CWE(s): CWE-74 CWE-89

Affected Products

mayurik

advocate office management system

1.0

CVEs Like This One

CVE-2025-2626Same product: Mayurik Advocate Office Management System

CVE-2025-2602Same product: Mayurik Advocate Office Management System

CVE-2025-1167Same vendor: Mayurik

CVE-2025-1596Same vendor: Mayurik

CVE-2025-1200Same vendor: Mayurik

CVE-2025-1961Same vendor: Mayurik

CVE-2025-2046Same vendor: Mayurik

CVE-2025-1870Same vendor: Mayurik

CVE-2025-1872Same vendor: Mayurik

CVE-2025-1873Same vendor: Mayurik

References

https://github.com/Hefei-Coffee/cve/issues/10
Exploit, Issue Tracking, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.300585
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.300585
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.517959
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.sourcecodester.com/
Product · cna@vuldb.com