SQL Injection Vulnerability in huija bicycleSharingServer
CVE-2025-6738

6.3MEDIUM

Key Information:

Vendor: huija
Status: bicycleSharingServer
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-6738?

A significant vulnerability exists in the huija bicycleSharingServer that allows attackers to exploit a SQL injection in the userDao.selectUserByUserNameLike function within UserServiceImpl.java. This flaw can be remotely executed, potentially allowing unauthorized access to sensitive user information. As the product follows a rolling release model for continuous delivery, exact versioning for patched or affected releases has not been specified, leaving users at risk if updates are not regularly monitored.

References

https://github.com/huija/bicycleSharingServer/issues/5

https://vuldb.com/?ctiid.314012

https://vuldb.com/?id.314012

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025