SQL Injection Vulnerability in CRMEB-KY Product by J-0k3r
CVE-2025-25763

9.8CRITICAL

Key Information:

Vendor: J-0k3r
Status: CRMEB-KY
Vendor: CVE Published:; 6 March 2025

What is CVE-2025-25763?

The CRMEB-KY product version 5.4.0 and earlier contains a SQL Injection vulnerability located in the getRead() function within the SystemDatabackupServices.php file. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data access and exposure. It is critical to apply necessary patches and conduct thorough security assessments to safeguard your applications from exploitation.

References

https://github.com/J-0k3r/sql/blob/main/sql.pdf

https://github.com/J-0k3r/CVE-2025-25763

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Feb 7, 2025

CVE-2025-25763 Data

JSON