SQL Injection Flaw in Baison Channel Middleware Product
CVE-2025-5493

5.3MEDIUM

Key Information:

Vendor

Baison

Status
Channel Middleware Product
Vendor
CVE Published:
3 June 2025

What is CVE-2025-5493?

A security vulnerability exists within the Baison Channel Middleware Product 2.0.1, specifically in a function of the file /e3api/api/main/ToJsonByControlName. This flaw allows an attacker to manipulate input data, potentially leading to SQL injection attacks. The vulnerability can be exploited remotely, exposing the system to unauthorized database access and manipulation. Public disclosure of the exploit raises urgent concerns for users to implement necessary security measures.

Affected Version(s)

Channel Middleware Product 2.0.1

References

https://vuldb.com/?id.310910
vdb-entrytechnical-description
https://vuldb.com/?ctiid.310910
signaturepermissions-required
https://vuldb.com/?submit.586972
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Orzzzz (VulDB User)
.
CVE-2025-5493 : SQL Injection Flaw in Baison Channel Middleware Product