CVE-2025-11912

6.3 MEDIUM

📋 TL;DR

This CVE describes a SQL injection vulnerability in Shenzhen Ruiming Technology's Streamax Crocus system version 1.3.40. Attackers can remotely exploit the 'orderField' parameter in the /DeviceState.do?Action=Query endpoint to execute arbitrary SQL commands. Organizations using this specific version of the Crocus system are affected.

💻 Affected Systems

Products:
  • Shenzhen Ruiming Technology Streamax Crocus
Versions: 1.3.40
Operating Systems: Not specified, likely embedded/Linux-based
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 1.3.40 is confirmed affected; earlier and later builds may share the same code path but have not been tested.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full database compromise allowing data theft, modification, or deletion; if the application's database account has file-write or command-execution privileges, the injection can be chained to remote code execution on the host.

🟠

Likely Case

Unauthorized data access, extraction of sensitive information from the database, and potential system disruption.

🟢

If Mitigated

Limited impact if orderField is restricted to an allowlist of sort columns and the application's database account has least-privilege rights; at most error messages or minimal data exposure.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely, and the exploit has been published.
🏢 Internal Only: MEDIUM - Still significant risk from internal threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: None - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy a WAF to block SQL injection attempts against the /DeviceState.do endpoint. Because orderField should only ever carry a column or sort-key name, a tight rule that rejects any value outside [A-Za-z0-9_] is more reliable than generic SQL-keyword signatures, which miss encoded and comment-obfuscated payloads. Treat this as a stopgap, not a fix.

Input Validation Filter

all

Implement server-side validation of the 'orderField' parameter. Because the value selects the sort column, it cannot be passed as a bound query parameter; map it to an allowlist of known column names and reject anything else before it reaches the query text.
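The following is an added illustration, not code from the Crocus product or its vendor. It builds a constructed in-memory SQLite table (the real Crocus schema is unknown; the table and column names are assumptions), shows the unsafe pattern the advisory describes (orderField spliced into ORDER BY), and the allowlisted replacement. The injected ORDER BY expression is a generic boolean-inference probe: the row order leaks one bit about a row in another table, which is why a sort parameter is a data-exfiltration channel even though it never appears in the result columns.

```python
import sqlite3

# Constructed sample schema standing in for the device-state data
# (assumed names; the real Crocus tables are not known).
SCHEMA = """
CREATE TABLE device_state (
    id        INTEGER PRIMARY KEY,
    device_id TEXT NOT NULL,
    status    TEXT NOT NULL,
    last_seen TEXT NOT NULL
);
CREATE TABLE users (username TEXT, password_hash TEXT);
INSERT INTO device_state VALUES (1, 'BUS-001', 'online',  '2024-01-01'),
                                (2, 'BUS-002', 'offline', '2024-01-02');
INSERT INTO users VALUES ('admin', 'hash-of-admin');
"""

# Allowlist: external sort-key name -> exact SQL identifier it may select.
# Anything not in this map never reaches the query text.
ORDER_COLUMNS = {
    "id": "id",
    "deviceId": "device_id",
    "status": "status",
    "lastSeen": "last_seen",
}


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def query_vulnerable(conn, order_field):
    """The pattern the advisory describes: the parameter is concatenated
    straight into ORDER BY, so any SQL expression is accepted."""
    sql = f"SELECT id, device_id, status FROM device_state ORDER BY {order_field}"
    return conn.execute(sql).fetchall()


def query_hardened(conn, order_field, direction="ASC"):
    """ORDER BY cannot take a bound parameter, so translate the user value
    through the allowlist and refuse everything else."""
    column = ORDER_COLUMNS.get(order_field)
    if column is None:
        raise ValueError(f"unsupported orderField: {order_field!r}")
    direction = direction.upper()
    if direction not in ("ASC", "DESC"):
        raise ValueError("direction must be ASC or DESC")
    sql = f"SELECT id, device_id, status FROM device_state ORDER BY {column} {direction}"
    return conn.execute(sql).fetchall()


# Boolean-inference probe: if the guessed first character of the stored hash
# is right the rows come back ascending, otherwise descending.
PROBE_TRUE = ("CASE WHEN (SELECT substr(password_hash, 1, 1) FROM users) = 'h' "
              "THEN id ELSE -id END")
PROBE_FALSE = PROBE_TRUE.replace("= 'h'", "= 'x'")


if __name__ == "__main__":
    conn = open_db()
    print("vulnerable, benign value :", query_vulnerable(conn, "id"))
    print("vulnerable, true guess   :", query_vulnerable(conn, PROBE_TRUE))
    print("vulnerable, false guess  :", query_vulnerable(conn, PROBE_FALSE))
    print("hardened, deviceId DESC  :", query_hardened(conn, "deviceId", "DESC"))
    try:
        query_hardened(conn, PROBE_TRUE)
    except ValueError as exc:
        print("hardened, probe rejected :", exc)
```

Note that the hardened version still builds the ORDER BY clause with string formatting; that is safe only because both pieces come from fixed dictionaries, never from the request.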

🧯 If You Can't Patch

  • Isolate the affected system from the internet and restrict network access to trusted IPs only.
  • Monitor database logs for unusual SQL queries and implement strict database user permissions.

🔍 How to Verify

Check if Vulnerable:

Send a request to /DeviceState.do?Action=Query with a benign orderField value, then repeat it with SQL injection payloads in the orderField parameter (e.g. orderField=1' OR '1'='1) and compare the responses. Because orderField selects the sort column, a vulnerable deployment typically returns a database error for a syntactically broken value (a lone quote) and a changed result set or row order for a valid injected expression. Test only systems you are authorised to assess.

Check Version:

Check system version via web interface or configuration files; specific command depends on deployment.

Verify Fix Applied:

Retest with the same payloads. A fixed endpoint should reject or ignore unexpected orderField values with a normal application response (for example HTTP 400, or the default sort order). A database error message is not evidence of a fix; it shows the value still reaches the SQL query.
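The script below is an added example, not tooling from the advisory or the vendor. It automates the "check if vulnerable" and "verify fix applied" steps above: it sends a benign baseline value, a lone quote, and the tautology quoted on the page, then compares the responses. The verdict rules are heuristics of my own (database-error text, a 5xx only for injected values, a 4xx for injected values only), and the error-string pattern is an assumption about what a Java/MySQL-style backend might return; read "inconclusive" as "inspect by hand".

```python
import re
import urllib.error
import urllib.parse
import urllib.request

ENDPOINT = "/DeviceState.do"

# Probe values: benign baseline, a lone quote that breaks SQL syntax, and the
# tautology payload quoted in the advisory.
PROBES = {
    "baseline": "1",
    "quote": "1'",
    "tautology": "1' OR '1'='1",
}

# Assumed database-error fingerprints; extend for the backend actually in use.
DB_ERROR_RE = re.compile(
    r"SQLException|syntax error|ORA-\d{5}|You have an error in your SQL|SQLSTATE",
    re.IGNORECASE,
)


def probe_url(base, value):
    """Build the full probe URL for one orderField value."""
    qs = urllib.parse.urlencode({"Action": "Query", "orderField": value})
    return f"{base.rstrip('/')}{ENDPOINT}?{qs}"


def http_fetch(url, timeout=10):
    """Return (status, body) for a GET, treating HTTP errors as data."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def assess(base, fetch=http_fetch):
    """Run all probes and return a one-line verdict.

    `fetch` is injectable so the logic can be exercised offline."""
    results = {name: fetch(probe_url(base, value)) for name, value in PROBES.items()}
    base_status, _ = results["baseline"]
    quote_status, quote_body = results["quote"]
    taut_status, taut_body = results["tautology"]

    if DB_ERROR_RE.search(quote_body) or DB_ERROR_RE.search(taut_body):
        return "likely vulnerable: database error text returned for injected value"
    if base_status < 500 and (quote_status >= 500 or taut_status >= 500):
        return "suspicious: server error only for injected values, inspect manually"
    if base_status < 400 and quote_status in (400, 403, 422) and taut_status in (400, 403, 422):
        return "probably fixed: injected values rejected before reaching the query"
    return "inconclusive: compare bodies, row order and timings manually"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080"
    for name, value in PROBES.items():
        print(name, "->", probe_url(target, value))
    print(assess(target))
```

Run it as `python probe.py http://crocus.example.internal` against a host you are permitted to test; the baseline value "1" is a guess at a harmless sort key, so substitute a value the interface actually uses if the baseline itself returns an error.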

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • HTTP requests to /DeviceState.do with suspicious orderField values

Network Indicators:

  • HTTP traffic to /DeviceState.do containing SQL keywords (e.g., UNION, SELECT, DROP)

SIEM Query:

source="web_logs" AND uri="/DeviceState.do" AND query="*orderField*" AND (query="*'*" OR query="*%27*" OR query="*UNION*" OR query="*SELECT*" OR query="*DROP*")

Keep the keyword terms grouped in parentheses as above; without them the AND/OR mix matches any request containing SELECT regardless of URI. Match the URL-encoded quote (%27) as well, since most access logs store the raw request line.
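As an added example of the same detection logic applied outside a SIEM, the script below scans access-log lines in common log format for /DeviceState.do requests whose orderField value is anything other than a plain identifier. It is not part of the advisory or the product. The log lines are constructed for the example, and the rule that a legitimate orderField is `[A-Za-z0-9_]` only is an assumption about the application. Values are URL-decoded twice so that double-encoded payloads (%2527) are caught as well.

```python
import re
import urllib.parse

ENDPOINT_PATH = "/DeviceState.do"

# Common log format: ip ident user [ts] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed shape of a legitimate sort key: a bare identifier.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_]{1,64}$")

# Metacharacters and keywords that have no business in a sort-key name.
SUSPICIOUS = re.compile(
    r"""['";]|--|/\*|\b(UNION|SELECT|DROP|INSERT|UPDATE|DELETE|SLEEP|BENCHMARK|WAITFOR)\b""",
    re.IGNORECASE,
)

# Constructed sample log (not real traffic). Line 2 is the page's tautology
# payload URL-encoded, line 3 a UNION probe, line 4 the tautology double-encoded.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /DeviceState.do?Action=Query&orderField=deviceId HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /DeviceState.do?Action=Query&orderField=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /DeviceState.do?Action=Query&orderField=1%20UNION%20SELECT%20NULL HTTP/1.1" 500 230',
    '10.0.0.11 - - [01/Jan/2024:10:00:09 +0000] "GET /DeviceState.do?Action=Query&orderField=1%2527%2520OR%2520%25271%2527%253D%25271 HTTP/1.1" 200 8192',
    '10.0.0.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


def extract_order_field(path):
    """Return the decoded orderField value for /DeviceState.do requests, else None."""
    parts = urllib.parse.urlsplit(path)
    if parts.path != ENDPOINT_PATH:
        return None
    params = urllib.parse.parse_qs(parts.query, keep_blank_values=True)
    values = params.get("orderField")
    if not values:
        return None
    # parse_qs decodes once; decode again to unmask double-encoded payloads.
    return urllib.parse.unquote(values[0])


def classify(line):
    """Return an alert dict for a suspicious orderField, or None."""
    match = LOG_RE.match(line)
    if not match:
        return None
    value = extract_order_field(match["path"])
    if value is None or SAFE_VALUE.match(value):
        return None
    reason = ("sql metacharacters or keywords" if SUSPICIOUS.search(value)
              else "unexpected characters in orderField")
    return {
        "ip": match["ip"],
        "ts": match["ts"],
        "status": int(match["status"]),
        "orderField": value,
        "reason": reason,
    }


def scan_log(lines):
    """Run classify over an iterable of log lines and collect the alerts."""
    return [alert for alert in map(classify, lines) if alert]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} {alert['status']} "
              f"orderField={alert['orderField']!r} ({alert['reason']})")
```

Pipe a real access log through `scan_log(open(path))` to triage; a 5xx paired with a flagged value is the strongest signal, since it suggests the injected text reached the database.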

🔗 References
