SQL Injection Vulnerability in ESAFENET CDG by ESAFENET
CVE-2025-2927

6.9MEDIUM

Key Information:

Vendor: Esafenet
Status: Cdg
Vendor: CVE Published:; 28 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2927?

A SQL injection vulnerability has been identified in ESAFENET CDG 5.6.3.154.205 that allows attackers to manipulate the 'typename' parameter in the '/parameter/getFileTypeList.jsp' file. This weakness could be exploited remotely to gain unauthorized access to the database, potentially exposing sensitive data. The issue was disclosed publicly, raising concerns over the security of affected systems. Despite early disclosures to the vendor, there has been no communication regarding a patch or mitigation measures.

Affected Version(s)

CDG 5.6.3.154.205

References

https://vuldb.com/?id.301902

vdb-entrytechnical-description

https://vuldb.com/?ctiid.301902

signaturepermissions-required

https://vuldb.com/?submit.521263

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 28, 2025
Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Mar 28, 2025

Credit

207556249 (VulDB User)

Esafenet