CVE-2025-1641

HighPublic PoC

Published: 25 February 2025

Published

25 February 2025

Modified

28 February 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0018 39.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may leverage databases to mine valuable information.

Security Summary

CVE-2025-1641 is a critical SQL injection vulnerability (CWE-74, CWE-89) affecting Benner ModernaNet versions up to 1.1.0. The flaw resides in an unknown component of the endpoint /AGE0000700/GetHorariosDoDia, specifically manipulable via parameters such as idespec=0, idproced=1103, data=2025-02-25+19%3A25, agserv=0, convenio=1, localatend=1, idplano=5, pesfis=01, idprofissional=0, target=.horarios--dia--d0, and _=1739371223797. Published on 2025-02-25, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its potential for unauthorized database manipulation.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables SQL injection, potentially allowing limited access to confidential data (low impact), minor integrity modifications, and low availability disruptions, as reflected in the CVSS metrics.

VulDB advisories recommend upgrading to Benner ModernaNet version 1.1.1 to mitigate the issue, which addresses the vulnerable component. Additional details are available in referenced sources including VulDB entries (ctiid.296691, id.296691, submit.499875) and a GitHub repository tracking the CVE.

Details

CWE(s): CWE-74CWE-89

Affected Products

modernasistemas

modernanet

≤ 1.1.1

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

Why these techniques?

SQL injection in public-facing web endpoint (T1190: Exploit Public-Facing Application) enables blind error-based extraction of database information such as schema and contents (T1213.006: Data from Information Repositories - Databases).

References

https://github.com/yago3008/cves
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.296691
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.296691
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.499875
Exploit, Third Party Advisory, VDB Entry · cna@vuldb.com