Boolean-Based Blind SQL Injection in dotCMS by dotCMS
CVE-2025-8311

9.4CRITICAL

Key Information:

Vendor: Dotcms
Status: Dotcms Cloud Services (dcs)
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-8311?

The identified vulnerability allows authenticated attackers with minimal privileges to exploit a Boolean-based blind SQL injection through the /api/v1/contenttype endpoint of dotCMS. By manipulating the sites query parameter, it is possible to inject malicious SQL code, leading to unauthorized data extraction and potentially enabling denial-of-service conditions. The flaw arises from the inadequate sanitization of user inputs before they are concatenated into SQL queries. Security assessments using tools like SQLMap have confirmed this risk, underscoring the critical need for prompt updates to secure affected installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

dotCMS Cloud Services (dCS) 24.03.22+

References

https://dev.dotcms.com/docs/known-security-issues?issueNu...

vendor-advisoryissue-trackingrelated

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Jul 29, 2025

JSON

Dotcms

What is CVE-2025-8311?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.