Cyber Resilience

CVE-2025-2672

MediumPublic PoC

Published: 23 March 2025

Published
23 March 2025
Modified
14 May 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0008 22.7th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2672 is a medium-severity Injection (CWE-74) vulnerability in Fabian Payroll Management System. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-2672 is a SQL injection vulnerability in code-projects Payroll Management System 1.0, affecting unknown processing in the /add_deductions.php file. The issue stems from manipulation of the "bir" argument, with other parameters potentially affected as well. Rated as critical with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), it maps to CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-89 (SQL Injection). The vulnerability was published on 2025-03-23T23:15:13.847.

A remote attacker with low privileges (PR:L) can exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables SQL injection, resulting in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L) within the unchanged scope (S:U).

Advisories referenced on VulDB (e.g., https://vuldb.com/?ctiid.300689, https://vuldb.com/?id.300689) and a GitHub disclosure (https://github.com/FoLaJJ/cve/blob/main/sqlcve.md) detail the issue, along with the project site (https://code-projects.org/). The exploit has been publicly disclosed and may be used, with no specific patches or mitigations mentioned in the available descriptions.

EU & UK References

Vulnerability details

A vulnerability was found in code-projects Payroll Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_deductions.php. The manipulation of the argument bir leads to sql injection. The attack may be…

more

initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection in public-facing web app (/add_deductions.php) enables exploitation of public-facing applications (T1190) and data collection from databases via unrestricted query manipulation (T1213.006).

CVEs Like This One

CVE-2025-3038Same product: Fabian Payroll Management System
CVE-2025-2854Same product: Fabian Payroll Management System
CVE-2025-2984Same product: Fabian Payroll Management System
CVE-2025-2985Same product: Fabian Payroll Management System
CVE-2025-3039Same product: Fabian Payroll Management System
CVE-2025-0874Same vendor: Fabian
CVE-2025-2392Same vendor: Fabian
CVE-2025-2389Same vendor: Fabian
CVE-2025-2391Same vendor: Fabian
CVE-2025-1197Same vendor: Fabian

Affected Assets

fabian
payroll management system
1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents SQL injection by requiring validation of untrusted inputs like the 'bir' argument in /add_deductions.php.

preventrecover

Mitigates the vulnerability through timely identification, reporting, and correction of the SQL injection flaw in the Payroll Management System.

detectrespond

Enables detection of the SQL injection vulnerability via regular scanning of the application, facilitating remediation.

References