Cyber Resilience

CVE-2025-67102

Severity: High · Public PoC

Published: 17 February 2026
Modified: 03 April 2026
KEV Added: not listed
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)
EPSS Score: 0.0004 (14.0th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-67102 is a high-severity SQL Injection (CWE-89) vulnerability in Jorani, the open-source leave management application published by the Jorani project. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-67102 is a SQL injection vulnerability (CWE-89) in the alldayoffs feature of Jorani up to version 1.0.4. This flaw allows an authenticated attacker to execute arbitrary SQL commands by manipulating the entity parameter. The vulnerability carries a CVSS v3.1 base score of 7.6, reflecting network accessibility (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), low integrity impact (I:L), and low availability impact (A:L).

An authenticated attacker with low privileges can exploit this vulnerability remotely over the network without any user interaction. By injecting SQL through the entity parameter of the alldayoffs feature, the attacker can run arbitrary SQL statements against the application's database. The high confidentiality rating (C:H) reflects that such statements can read any table reachable by the database account Jorani uses, which is the main risk; the low integrity (I:L) and availability (A:L) ratings reflect that the advisory describes only limited ability to modify data or disrupt service.
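The following is an added illustration, not Jorani's code and not the public PoC the page references. It shows in miniature what the paragraph above describes: a request parameter (here called entity, after the vulnerable parameter) concatenated into a query, the two payload shapes that exploit it, and the two fixes the Mitigating Controls section below asks for (a parameterized query, and allow-list validation of the parameter's format in front of it). The schema, table and column names, sample rows, payloads and the numeric-only format rule are all constructed for the example; Jorani's real tables and query text are not reproduced.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed, hypothetical schema: a day-off table plus a second table
    the caller should never be able to read. All names are assumed."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE dayoffs (entity TEXT, day TEXT, title TEXT);
        CREATE TABLE users   (login TEXT, password_hash TEXT);
        INSERT INTO dayoffs VALUES ('1', '2026-05-01', 'Labour Day');
        INSERT INTO dayoffs VALUES ('2', '2026-07-14', 'National Day');
        INSERT INTO users   VALUES ('admin', 'hash-a');
        INSERT INTO users   VALUES ('alice', 'hash-b');
        """
    )
    return con


def dayoffs_vulnerable(con: sqlite3.Connection, entity: str) -> list:
    """CWE-89 pattern: the request value becomes part of the SQL text."""
    sql = f"SELECT day, title FROM dayoffs WHERE entity = '{entity}'"
    return con.execute(sql).fetchall()


def dayoffs_parameterized(con: sqlite3.Connection, entity: str) -> list:
    """Fix 1: bind the value. The driver sends it as data, never as syntax."""
    sql = "SELECT day, title FROM dayoffs WHERE entity = ?"
    return con.execute(sql, (entity,)).fetchall()


ENTITY_MAX_LEN = 10  # hypothetical format rule for this example only


def dayoffs_validated(con: sqlite3.Connection, entity: str) -> list:
    """Fix 2 (complementary, SI-10 style): reject anything that is not the
    expected shape before it reaches the database layer at all."""
    if not (entity.isdigit() and len(entity) <= ENTITY_MAX_LEN):
        raise ValueError("entity must be a short numeric identifier")
    return dayoffs_parameterized(con, entity)


# Constructed payload: closes the string literal, UNIONs in a second table
# with the same column count, and comments out the trailing quote.
UNION_PAYLOAD = "' UNION SELECT login, password_hash FROM users --"
# Constructed payload: tautology that returns every entity's rows.
TAUTOLOGY_PAYLOAD = "x' OR '1'='1"


def demo() -> dict:
    """Run each variant against the same database and collect the results."""
    con = build_db()
    out = {
        "normal": dayoffs_vulnerable(con, "1"),
        "union_leak": sorted(dayoffs_vulnerable(con, UNION_PAYLOAD)),
        "tautology": sorted(dayoffs_vulnerable(con, TAUTOLOGY_PAYLOAD)),
        "param_union": dayoffs_parameterized(con, UNION_PAYLOAD),
    }
    try:
        dayoffs_validated(con, UNION_PAYLOAD)
        out["validated_rejected"] = False
    except ValueError:
        out["validated_rejected"] = True
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The UNION case is what the C:H rating is about: the vulnerable query returns rows from a table the feature was never meant to expose, using nothing but a low-privilege request. Binding the parameter alone is sufficient to close the injection; the format check in front of it is defence in depth that also shrinks the attack surface for any query the parameter reaches later. A third layer not shown here is running the application's database account with read access limited to the tables it actually needs, which bounds what a future injection can read.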

For mitigation guidance, security practitioners should consult the advisory at https://www.helx.io/blog/advisory-jorani/ (published 2026-02-17) and the Jorani GitHub repository at https://github.com/bbalet/jorani.


Vulnerability details

A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter.

CWE(s)

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection in a web application directly enables remote exploitation of the public-facing application (T1190) and unauthorized access to database contents (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2019-25537 (shared CWE-89)
CVE-2019-25366 (shared CWE-89)
CVE-2019-25496 (shared CWE-89)
CVE-2026-1475 (shared CWE-89)
CVE-2026-26990 (shared CWE-89)
CVE-2026-44047 (shared CWE-89)
CVE-2025-12865 (shared CWE-89)
CVE-2024-11135 (shared CWE-89)
CVE-2019-25491 (shared CWE-89)
CVE-2024-13369 (shared CWE-89)

Affected Assets

Vendor: jorani
Product: jorani
Versions: ≤ 1.0.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-10 Information Input Validation · prevent

Directly prevents SQL injection by validating untrusted inputs such as the entity parameter before they are processed in the alldayoffs feature.

SI-2 Flaw Remediation · prevent

Remediates the specific SQL injection flaw in Jorani up to v1.0.4 by applying vendor patches or updates.

prevent

Restricts the format and content of the entity parameter to block malicious SQL payloads, as a complementary input control.
