CVE-2025-2602
Published: 21 March 2025
Summary
CVE-2025-2602 is a medium-severity Injection (CWE-74) vulnerability in Mayurik Advocate Office Management System. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates SQL injection in deactivate_reg.php by requiring validation and error handling for the manipulable ID argument at input points.
Enforces restrictions on the ID parameter to only accept valid inputs like integers, blocking SQL injection payloads remotely.
Mandates identification, reporting, and correction of the specific SQL injection flaw in CVE-2025-2602.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection vulnerability in public-facing web application (deactivate_reg.php) enables initial access via T1190 (Exploit Public-Facing Application), facilitates data collection from databases via T1213.006, and abuse of server software components for potential code execution via T1505.
NVD Description
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file deactivate_reg.php. The manipulation of the argument ID leads to sql injection. The attack can…
more
be initiated remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-2602 is a critical SQL injection vulnerability in SourceCodester Kortex Lite Advocate Office Management System version 1.0. The issue resides in unknown code within the deactivate_reg.php file, where manipulation of the ID argument triggers the injection. It is remotely exploitable and has been assigned CWE-74 and CWE-89, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
An attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling unauthorized data access, modification, or disruption via SQL commands.
Advisories referenced on VulDB (ctiid.300586, id.300586, submit.517960) and a GitHub issue at Hefei-Coffee/cve/issues/11 detail the vulnerability, while the vendor site at sourcecodester.com hosts the affected software. No specific patches or mitigations are detailed in the available information.
The exploit has been publicly disclosed and may be in use by attackers.
Details
- CWE(s)