SQL Injection Vulnerability in ESAFENET CDG Software
CVE-2025-3400

6.9MEDIUM

Key Information:

Vendor: Esafenet
Status: Cdg
Vendor: CVE Published:; 8 April 2025

Badges

👾 Exploit Exists

What is CVE-2025-3400?

A critical security flaw exists in ESAFENET CDG 5.6.3.154.205_20250114, enabling SQL injection through the unprotected file /client/UnChkMailApplication.jsp. This vulnerability allows attackers to manipulate the 'typename' argument, which could lead to unauthorized data access and potential compromise of the affected systems. The risk is heightened due to the capability for remote exploitation. Despite being disclosed, there has been no response from the vendor concerning mitigation strategies. Organizations using this software should take immediate action to safeguard their systems.

Affected Version(s)

CDG 5.6.3.154.205_20250114

References

https://vuldb.com/?id.303645

vdb-entrytechnical-description

https://vuldb.com/?ctiid.303645

signaturepermissions-required

https://vuldb.com/?submit.525611

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 8, 2025
Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Apr 7, 2025

Credit

XU NIE (VulDB User)

Esafenet