CVE-2025-70821
Published: 03 March 2026
Summary
CVE-2025-70821 is a critical-severity SQL Injection (CWE-89) vulnerability in Renren Renren-Security. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 31.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-70821 is a SQL injection vulnerability (CWE-89) in the BaseServiceImpl.java component of renren-security prior to version v5.5.0. Published on 2026-03-03T15:16:16.290, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
An unauthenticated attacker can exploit this vulnerability remotely over the network with low attack complexity and no user interaction. Exploitation enables high-impact outcomes on confidentiality, integrity, and availability, allowing arbitrary SQL query execution that could result in data leakage, tampering, or system disruption.
Advisories reference proof-of-concept details at https://gist.github.com/sorzs/40dbc60504ab6cb0b592d9010d5ae8af, https://github.com/sorzs/test/tree/main, and https://github.com/sorzs/opencve/tree/main/CVE-2025-70821. Mitigation requires upgrading to renren-security v5.5.0 or later, as earlier versions remain exposed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208233
Vulnerability details
renren-security before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote unauthenticated SQL injection in a public-facing application component enables initial access via exploitation of a vulnerable public-facing app.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Remediating the SQL injection flaw in BaseServiceImpl.java by upgrading to renren-security v5.5.0 or later directly eliminates the vulnerability.
Validating information inputs to the BaseServiceImpl.java component prevents malicious SQL code injection by unauthenticated remote attackers.
Monitoring system activities detects anomalous SQL queries and indicators of SQL injection exploitation attempts.