Cyber Posture

CVE-2025-67829

Critical

Published: 18 March 2026

Published
18 March 2026
Modified
20 March 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 13.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67829 is a critical-severity SQL Injection (CWE-89) vulnerability in Murasoftware Mura Cms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents SQL injection in the sortDirection parameter by enforcing validation of untrusted inputs to the beanFeed.cfc getQuery function.

SI-2 Flaw Remediation good match
prevent

Requires timely remediation of the SQL injection flaw in Mura CMS versions prior to 10.1.14 through patching or upgrades.

SI-9 Information Input Restrictions good match
prevent

Restricts the sortDirection parameter to authorized values such as 'ASC' or 'DESC', blocking malicious SQL payloads.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Direct remote exploitation of public-facing web app via unsanitized SQL parameter in Mura CMS (classic SQLi initial access vector).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection.

Deeper analysisAI

CVE-2025-67829 is a SQL injection vulnerability (CWE-89) affecting Mura CMS versions prior to 10.1.14. The issue resides in the beanFeed.cfc component, where the getQuery function fails to properly sanitize the sortDirection parameter, enabling attackers to inject malicious SQL payloads.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), this vulnerability is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, allowing arbitrary SQL execution such as data exfiltration, modification, or database disruption.

Mitigation is available via upgrade to Mura version 10.1.14 or later, as detailed in the official release notes at https://docs.murasoftware.com/v10/release-notes/#section-version-1014.

Details

CWE(s)
CWE-89

Affected Products

murasoftware
mura cms
≤ 10.1.4

CVEs Like This One

CVE-2025-67830Same product: Murasoftware Mura Cms
CVE-2025-55044Same product: Murasoftware Mura Cms
CVE-2025-55045Same product: Murasoftware Mura Cms
CVE-2025-55046Same product: Murasoftware Mura Cms
CVE-2025-55041Same product: Murasoftware Mura Cms
CVE-2025-55040Same product: Murasoftware Mura Cms
CVE-2026-3180Shared CWE-89
CVE-2025-1872Shared CWE-89
CVE-2026-32458Shared CWE-89
CVE-2026-24494Shared CWE-89

References