CVE-2025-11316

7.3 HIGH

📋 TL;DR

This CVE describes a SQL injection vulnerability in Tipray's Data Leakage Prevention System version 1.0. The findCategoryPage.do endpoint passes the tenantId parameter into a SQL query unsafely, so a remote attacker can manipulate that parameter to execute arbitrary SQL commands. The vulnerability is remotely exploitable and affects organizations running this Chinese data protection software.

💻 Affected Systems

Products:
  • Tipray Data Leakage Prevention System
Versions: 1.0
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: Specific to the Chinese-language Tipray DLP system. The vulnerability exists in the findCategoryPage.do endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the DLP database including exfiltration of sensitive data, credential theft, and potential lateral movement to connected systems.

🟠 Likely Case

Data exfiltration from the DLP system, including potentially sensitive information about data protection policies and monitored data.

🟢 If Mitigated

With proper input validation and least-privilege database permissions, impact is limited to error messages or minor data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. The vendor has not responded to disclosure attempts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider workarounds or system replacement.

🔧 Temporary Workarounds

Web Application Firewall Rules

Applies to: all

Implement WAF rules to block SQL injection patterns targeting the findCategoryPage.do endpoint

WAF-specific configuration commands

Network Segmentation

Applies to: all

Restrict access to the DLP system to authorized internal networks only

Firewall rules to limit access to specific IP ranges

🧯 If You Can't Patch

  • Isolate the DLP system from internet access and restrict to internal trusted networks only
  • Implement database-level protections: use least privilege accounts, enable SQL injection protection features

🔍 How to Verify

Check if Vulnerable:

Test the findCategoryPage.do endpoint with SQL injection payloads in the tenantId parameter

Check Version:

Check system version through administrative interface or configuration files

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and return appropriate error messages

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts or parameter manipulation in web logs

Network Indicators:

  • Unusual outbound database connections from DLP system
  • SQL error messages in HTTP responses

SIEM Query:

web.url:*findCategoryPage.do* AND (web.param:*tenantId* OR web.status:500)

Note that web.param:*tenantId* matches every request carrying that parameter, including legitimate ones, so treat this query as a triage starting point rather than an alert rule; narrow it on non-numeric tenantId values or on 500 responses to reduce noise.
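As an added detection example (not code from this page or from Tipray), the following Python triages web access log lines for the findCategoryPage.do endpoint, flagging requests whose tenantId is not a plain number or that returned HTTP 500. It assumes Apache/Nginx combined log format and that tenantId is normally a numeric identifier; the log lines are constructed.

```python
"""Triage findCategoryPage.do requests in web access logs (added example, not Tipray code)."""
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip - - [time] "METHOD path HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
ENDPOINT = "findCategoryPage.do"
NUMERIC = re.compile(r"^\d+$")  # assumption: tenantId is a numeric identifier

# Constructed sample lines (not real traffic): one benign hit, one unrelated
# request, one hit with a non-numeric tenantId, one hit that returned a 500.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Oct/2025:10:00:01 +0800] "GET /dlp/findCategoryPage.do?tenantId=12&page=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Oct/2025:10:00:02 +0800] "GET /dlp/index.do HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Oct/2025:10:00:03 +0800] "GET /dlp/findCategoryPage.do?tenantId=12%27&page=1 HTTP/1.1" 200 640 "-" "curl/8.0"
203.0.113.9 - - [01/Oct/2025:10:00:04 +0800] "GET /dlp/findCategoryPage.do?tenantId=abc HTTP/1.1" 500 120 "-" "curl/8.0"
"""


def triage(log_text):
    """Return one finding per suspicious request: (src_ip, tenantId, status, reasons)."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or ENDPOINT not in m["path"]:
            continue  # unparseable line or a different endpoint
        query = parse_qs(urlsplit(m["path"]).query, keep_blank_values=True)
        tenant = query.get("tenantId", [""])[0]  # parse_qs already URL-decodes
        status = int(m["status"])
        reasons = []
        if tenant and not NUMERIC.match(tenant):
            reasons.append("non-numeric tenantId")  # quotes, spaces, keywords
        if status == 500:
            reasons.append("server error")  # a SQL error may be surfacing here
        if reasons:
            findings.append((m["ip"], tenant, status, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```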
