Cyber Resilience

CVE-2025-70397

HighPublic PoC

Published: 17 February 2026

Published
17 February 2026
Modified
19 February 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 14.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70397 is a high-severity SQL Injection (CWE-89) vulnerability in Jizhicms Jizhicms. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-70397 is a SQL injection vulnerability (CWE-89) in jizhicms version 2.5.6, published on 2026-02-17. The issue affects the Article/deleteAll and Extmolds/deleteAll endpoints, where the 'data' parameter fails to properly sanitize user input, allowing injection of malicious SQL queries. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant data compromise.

Attackers with high privileges, such as authenticated administrators, can exploit this over the network with low complexity and no user interaction required. By crafting payloads in the 'data' parameter, they can execute arbitrary SQL commands, leading to high-impact outcomes: unauthorized access to sensitive data (confidentiality), modification or deletion of database contents (integrity), and disruption of service (availability).

Advisories and further details are available at http://jizhicms.com and https://www.23882.me/index.php/2026/02/15/jizhicms-%e5%90%8e%e5%8f%b0%e5%ad%98%e5%9c%a8sql%e6%b3%a8%e5%85%a5/. Security practitioners should consult these for vendor-recommended patches or workarounds.

EU & UK References

Vulnerability details

jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection in publicly accessible CMS admin endpoints directly enables T1190 (Exploit Public-Facing Application) for arbitrary SQL execution with high impact on C/I/A.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-50229Same product: Jizhicms Jizhicms
CVE-2026-3292Same product: Jizhicms Jizhicms
CVE-2025-50228Same product: Jizhicms Jizhicms
CVE-2025-25785Same product: Jizhicms Jizhicms
CVE-2020-37117Same product: Jizhicms Jizhicms
CVE-2025-25784Same product: Jizhicms Jizhicms
CVE-2026-39334Shared CWE-89
CVE-2024-13488Shared CWE-89
CVE-2026-20002Shared CWE-89
CVE-2025-1446Shared CWE-89

Affected Assets

jizhicms
jizhicms
2.5.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and sanitization of the 'data' parameter before it reaches SQL queries in Article/deleteAll and Extmolds/deleteAll, blocking the CWE-89 injection.

prevent

Mandates timely remediation of the identified flaw in jizhicms 2.5.6 so the unsanitized input path is removed or corrected.

prevent

Restricts the high-privilege accounts (PR:H) that can reach the vulnerable endpoints, reducing the population able to supply malicious 'data' payloads.

References