CVE-2025-11629

6.3 MEDIUM

📋 TL;DR

This SQL injection vulnerability in RainyGao DocSys allows an attacker to execute arbitrary SQL against the application database through the getUserList function, reached via the /Manage/getUserList.do endpoint. It affects all versions up to and including 2.02.36, is exploitable over the network with low attack complexity, and has a public proof of concept. Organizations running vulnerable DocSys installations risk theft or modification of user data and, depending on database privileges, compromise of the underlying server.

💻 Affected Systems

Products:
  • RainyGao DocSys
Versions: All versions up to and including 2.02.36
Operating Systems: All platforms running DocSys
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: exfiltration of the user table (including whatever credentials it stores), modification of roles to escalate privileges inside DocSys, and, if the database account has file-write or equivalent privileges, remote code execution on the underlying server.

🟠 Likely Case

Unauthorized read access to user data and manipulation of database rows, which an attacker can use to pivot into other accounts and documents within the system.

🟢 If Mitigated

Limited impact where parameterized queries and a least-privilege, read-mostly database account are in place: at most exposure of data the getUserList function already returns, with no modification possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, so anyone with basic SQL injection knowledge (or an automated tool such as sqlmap) can exploit this. One caveat on the "unauthenticated" flag: a 6.3 base score matches a CVSS 3.1 vector with low privileges required (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L); the same impact with no privileges required would score 7.3. Confirm whether /Manage/getUserList.do is reachable without a valid DocSys session before treating this as pre-auth, and plan for the worse case if you cannot.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available, and the vendor had not responded to the disclosure. If a release newer than 2.02.36 appears, check its changelog or commit history for a change to getUserList before assuming it fixes this issue; until then, apply the workarounds below.

🔧 Temporary Workarounds

Parameterized Queries (source-level fix)

Platform: all

Rewrite the getUserList query in the affected Java code so that the request parameters are bound with a PreparedStatement (or the equivalent bound-parameter syntax of the data-access layer) instead of being concatenated into the SQL string. Input validation (whitelisting the characters a user-name filter may contain) is a useful second layer but does not replace binding. Because DocSys is open source, this is a change you can make and rebuild yourself while no vendor patch exists.
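As an added illustration (not DocSys code, which is Java; the table, column names and query below are assumptions that only model the concatenation pattern), this Python/sqlite3 script places the vulnerable query beside its parameterized form and shows why the differential true/false test described under "How to Verify" tells them apart:

```python
import sqlite3

# Added example, not DocSys code. A throw-away in-memory table stands in for the
# DocSys user store; the real schema, column names and query are assumptions.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO user (name, role) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def get_user_list_vulnerable(conn: sqlite3.Connection, name_filter: str) -> list:
    # The bug pattern: the caller-supplied filter is spliced into the SQL text,
    # so quote characters in it become part of the statement's grammar.
    sql = "SELECT id, name, role FROM user WHERE name = '" + name_filter + "'"
    return conn.execute(sql).fetchall()


def get_user_list_fixed(conn: sqlite3.Connection, name_filter: str) -> list:
    # The fix: a placeholder in the statement and the value passed separately.
    # The driver never reinterprets the value as SQL, whatever it contains.
    sql = "SELECT id, name, role FROM user WHERE name = ?"
    return conn.execute(sql, (name_filter,)).fetchall()


def tautology_row_counts() -> tuple:
    """Rows returned for the classic ' OR '1'='1 payload by each implementation."""
    conn = build_db()
    payload = "' OR '1'='1"
    return (len(get_user_list_vulnerable(conn, payload)),
            len(get_user_list_fixed(conn, payload)))


def boolean_probe(query_fn, known_name: str) -> bool:
    """Differential (boolean-based) test: append a true and a false condition to a
    value that exists and compare the results. A difference means the condition
    was evaluated by the database, i.e. the input reached the SQL parser.
    Returns True if the implementation looks injectable."""
    conn = build_db()
    rows_true = query_fn(conn, known_name + "' AND '1'='1")
    rows_false = query_fn(conn, known_name + "' AND '1'='2")
    return rows_true != rows_false


if __name__ == "__main__":
    print("rows for tautology payload (vulnerable, fixed):", tautology_row_counts())
    print("vulnerable implementation injectable:",
          boolean_probe(get_user_list_vulnerable, "alice"))
    print("fixed implementation injectable:",
          boolean_probe(get_user_list_fixed, "alice"))
```

The vulnerable function returns every row for the tautology payload and changes its answer between the true and false probes; the parameterized version treats both probes as literal (non-existent) names and returns nothing either way. The same differential idea is what a safe verification request against a test instance relies on, without needing error messages.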

Web Application Firewall

Platform: all

Deploy a WAF with SQL injection rules (for example an OWASP CRS-based ruleset) in front of DocSys and configure it to block requests to /Manage/getUserList.do whose parameters contain SQL injection patterns. Make sure the WAF decodes URL encoding and matches case-insensitively. Treat this as a stop-gap only: signature-based WAF rules are routinely bypassed, and the underlying concatenation remains.

🧯 If You Can't Patch

  • Network segmentation: Keep the DocSys server off the internet and restrict access to the management paths (at least /Manage/) to trusted IP ranges or a VPN.
  • Database hardening: Run DocSys with a dedicated database account that has only the DML privileges the application needs on its own schema; no FILE, SUPER, or administrative privileges, and no access to other databases. Keep multi-statement execution disabled on the JDBC connection (the MySQL Connector/J default). This does not remove the injection but caps what it can reach.

🔍 How to Verify

Check if Vulnerable:

Against a test instance you are authorized to probe, send a known-good value to the /Manage/getUserList.do endpoint with a true condition appended (e.g. name' AND '1'='1) and then a false one (name' AND '1'='2). A response that differs between the two, or a database error on a payload such as ' OR '1'='1, indicates the input reaches the SQL parser. Prefer this differential check over error-based tests: error messages may be suppressed while the injection still works.

Check Version:

Check DocSys version in web interface or configuration files

Verify Fix Applied:

After implementing fixes, repeat the same true/false pair and confirm both requests now return identical results (both treated as a literal, non-matching name), and that error-inducing payloads produce a clean rejection rather than a database error.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL syntax errors in application logs, especially those quoting a user-supplied string
  • Repeated requests to the same endpoint with varying, quote-laden parameter values (scanner or sqlmap behaviour), or single requests with unusually long parameters
  • Requests to /Manage/getUserList.do whose parameters contain SQL keywords, quote characters, comment sequences (--, /*) or timing functions (SLEEP, BENCHMARK) once URL encoding is removed

Network Indicators:

  • Unusually large result sets or query volume between the web server and the database, out of proportion to normal getUserList use
  • Large outbound transfers from the DocSys host to external IPs following suspicious requests

SIEM Query:

source="web_logs" AND uri="/Manage/getUserList.do" AND (payload CONTAINS "UNION" OR payload CONTAINS "SELECT" OR payload CONTAINS "OR '1'='1")

Notes: apply the query to the URL-decoded request (the obvious ' OR '1'='1 arrives as %27%20OR%20%271%27%3D%271 and will not match a literal search), make the keyword matches case-insensitive, and add the quote character, comment sequences (--, /*) and time-based functions (SLEEP(, BENCHMARK() to the pattern list. Alert on counts per source IP over a short window rather than single matches to surface automated probing.
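The detection logic above, as an added example run over constructed access-log lines (the log lines, the userName parameter name and the 10.0.0.0/8 addresses are made up for illustration and are not from DocSys or any real log): it restricts itself to the affected endpoint, decodes URL encoding including one layer of double-encoding, and matches the patterns case-insensitively.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines in Common Log Format; not real DocSys logs.
# The parameter name "userName" is an assumption for illustration only.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Oct/2025:10:00:01 +0000] "GET /Manage/getUserList.do?userName=alice HTTP/1.1" 200 512
10.0.0.9 - - [01/Oct/2025:10:00:02 +0000] "GET /Manage/getUserList.do?userName=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9123
10.0.0.9 - - [01/Oct/2025:10:00:03 +0000] "GET /Manage/getUserList.do?userName=a%27%20union%20select%201,2,3-- HTTP/1.1" 500 210
10.0.0.7 - - [01/Oct/2025:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024
10.0.0.9 - - [01/Oct/2025:10:00:05 +0000] "GET /Manage/getUserList.do?userName=bob%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 400
"""

# Common Log Format: ip ident user [timestamp] "METHOD target PROTOCOL" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

AFFECTED_PATH = "/Manage/getUserList.do"

# Ordered so the most specific explanation wins; all matches are case-insensitive.
SQLI_PATTERNS = [
    (re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I), "quoted boolean tautology"),
    (re.compile(r"\bunion\b.{0,20}\bselect\b", re.I | re.S), "UNION SELECT"),
    (re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(", re.I), "time-based function"),
    (re.compile(r"(--|/\*|#)"), "SQL comment sequence"),
]


def classify_request(target: str):
    """Return a reason string if the request targets the affected endpoint with an
    SQL-injection-looking parameter value, else None."""
    parts = urlsplit(target)
    if parts.path != AFFECTED_PATH:
        return None
    # parse_qsl removes one layer of URL encoding; decoding once more catches
    # double-encoded payloads such as %2527 (-> %27 -> ').
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote_plus(value)
        for pattern, label in SQLI_PATTERNS:
            if pattern.search(decoded):
                return f"{label} in parameter {key!r}"
    return None


def scan_log(text: str) -> list:
    """Return (ip, status, reason) for every suspicious request in the log text."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        reason = classify_request(m["target"])
        if reason:
            hits.append((m["ip"], m["status"], reason))
    return hits


if __name__ == "__main__":
    for ip, status, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} status={status}: {reason}")
```

On the sample log this flags the three requests from 10.0.0.9 (tautology, UNION SELECT, and a SLEEP-based probe) and ignores both the legitimate lookup and the unrelated page. A single-quote character on its own is deliberately not a rule, since real names can contain apostrophes; aggregate hits per source IP over a short window to separate a scanner from a one-off typo.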
