CVE-2025-67830

Critical

Published: 18 March 2026

Published

18 March 2026

Modified

21 March 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0004 13.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67830 is a critical-severity SQL Injection (CWE-89) vulnerability in Murasoftware Mura Cms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the SQL injection by requiring timely application of the vendor patch (Mura 10.1.14) that sanitizes the sortby parameter.

SI-10 Information Input Validation good match

prevent

Enforces validation of the user-supplied sortby parameter in beanFeed.cfc getQuery to block malicious SQL payloads.

SC-7 Boundary Protection partial match

preventdetect

Deploys web application firewall at system boundaries to inspect and block SQL injection patterns in sortby parameter requests.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Direct remote unauthenticated exploitation of a public-facing web application component via SQL injection.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.

Deeper analysisAI

CVE-2025-67830 is a SQL injection vulnerability (CWE-89) in the beanFeed.cfc component of Mura CMS versions prior to 10.1.14. The flaw resides in the getQuery function, where the sortby parameter fails to properly sanitize user input, allowing malicious SQL payloads to be injected into database queries. This critical issue carries a CVSS v3.1 base score of 9.8, reflecting its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.

Unauthenticated remote attackers can exploit this vulnerability over the network by crafting requests with malicious sortby parameters to the affected endpoint. Successful exploitation enables arbitrary SQL query execution, potentially allowing full database compromise, data exfiltration, modification, or deletion, as well as potential server takeover depending on database privileges and configuration.

The Mura release notes for version 10.1.14 document the fix for this vulnerability, recommending immediate upgrade to this or later versions as the primary mitigation. Additional defensive measures include input validation on the sortby parameter and web application firewall rules to detect SQL injection patterns, though patching remains essential. The CVE was published on 2026-03-18.