CVE-2025-13319
📋 TL;DR
This SQL injection vulnerability in Digi On-Prem Manager's API allows authenticated attackers to execute arbitrary SQL commands. Organizations using Digi On-Prem Manager with API enabled and API tokens issued are affected. The vulnerability requires both API access and valid credentials to exploit.
💻 Affected Systems
- Digi On-Prem Manager
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the database including data theft, data manipulation, privilege escalation, and potential remote code execution on the underlying server.
Likely Case
Unauthorized data access and extraction from the Digi On-Prem Manager database, potentially exposing sensitive device management information.
If Mitigated
Limited impact due to API being disabled by default and requiring valid API tokens, with proper input validation preventing successful exploitation.
🎯 Exploit Status
Requires valid API token but SQL injection is typically straightforward to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in provided reference
Vendor Advisory: https://dom.nettec.no/security-advisories/DOM-25-001/
Restart Required: Yes
Instructions:
1. Check vendor advisory for specific patched versions
2. Download and apply the security update from Digi
3. Restart Digi On-Prem Manager service
4. Verify API functionality post-update
🔧 Temporary Workarounds
Disable API Feature
allCompletely disable the vulnerable API functionality
Consult Digi On-Prem Manager documentation for API disable procedure
Restrict API Token Access
allRevoke all existing API tokens and only issue to trusted applications with minimal privileges
Use Digi On-Prem Manager admin interface to manage API tokens
🧯 If You Can't Patch
- Disable the API feature entirely in Digi On-Prem Manager configuration
- Implement network-level restrictions to limit API access to trusted IP addresses only
🔍 How to Verify
Check if Vulnerable:
Check if API feature is enabled in Digi On-Prem Manager configuration and if any API tokens have been issuedCheck Version:
Check Digi On-Prem Manager admin interface or documentation for version check procedureVerify Fix Applied:
Verify installed version matches patched version from vendor advisory and test API endpoints with SQL injection test payloads📡 Detection & Monitoring
Log Indicators:
- Unusual SQL query patterns in application logs
- Multiple failed API authentication attempts followed by successful login
- Unexpected database access patterns
Network Indicators:
- Unusual API request patterns containing SQL keywords
- High volume of requests to API endpoints from single source
SIEM Query:
source="digi-onprem-manager" AND (message="SQL" OR message="SELECT" OR message="UNION" OR message="INSERT")