CVE-2025-2601
Published: 21 March 2025
Description
Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems.
Security Summary
CVE-2025-2601 is a critical SQL injection vulnerability (CWE-74, CWE-89) in SourceCodester Kortex Lite Advocate Office Management System 1.0. It affects an unspecified part of the file activate_reg.php, where manipulating the ID argument leads to SQL injection.
The vulnerability is remotely exploitable over the network with low attack complexity; it requires low privileges (PR:L) and no user interaction. A successful attack has low impact on confidentiality, integrity, and availability, as reflected in the CVSS 3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Advisories and details are available via VulDB entries (https://vuldb.com/?ctiid.300585, https://vuldb.com/?id.300585, https://vuldb.com/?submit.517959) and a GitHub issue (https://github.com/Hefei-Coffee/cve/issues/10), along with the vendor site (https://www.sourcecodester.com/).
The exploit has been publicly disclosed and may be used.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in a public-facing web application (activate_reg.php) enables remote exploitation (T1190, T1505) and unauthorized database queries for data collection and extraction (T1213.006), with potential impacts on confidentiality, integrity, and availability.