CVE-2025-15238 – QOCA aim AI Medical Cloud Platform has a SQL in... (How to Fix)

Q: What is the severity of CVE-2025-15238?

CVE-2025-15238 has a CVSS score of 6.5 (MEDIUM). QOCA aim AI Medical Cloud Platform has a SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands and read database contents. This affects healthcare organizations using Quanta Computer's cloud platform for medical data management.

📋 TL;DR

QOCA aim AI Medical Cloud Platform has a SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands and read database contents. This affects healthcare organizations using Quanta Computer's cloud platform for medical data management.

💻 Affected Systems

Products:

QOCA aim AI Medical Cloud Platform

Versions: Specific versions not disclosed in available references

Operating Systems: Not specified - cloud platform

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to exploit. Medical cloud platform handling sensitive healthcare data.

📦 What is this software?

Qoca Aim by Quantatw

View all CVEs affecting Qoca Aim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including sensitive patient health records, medical history, and personally identifiable information being exfiltrated or modified.

🟠

Likely Case

Unauthorized access to medical data, potential exposure of patient records, and possible data integrity issues in the database.

🟢

If Mitigated

Limited data exposure if proper input validation and parameterized queries are implemented, with minimal impact on system availability.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with basic web security testing tools. Requires authenticated access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html

Restart Required: No

Instructions:

1. Contact Quanta Computer for security updates. 2. Apply vendor-provided patches. 3. Verify fix implementation.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and parameterized queries for all database interactions

Web Application Firewall

all

Deploy WAF with SQL injection protection rules

🧯 If You Can't Patch

Implement network segmentation to isolate the medical cloud platform
Enforce strict access controls and monitor for unusual database queries

🔍 How to Verify

Check if Vulnerable:

Review application code for SQL injection vulnerabilities or use security testing tools with authenticated access

Check Version:

Contact vendor for version information and patch verification

Verify Fix Applied:

Test with SQL injection payloads after patch application and verify no database errors or data leaks occur

📡 Detection & Monitoring

Log Indicators:

Unusual SQL query patterns
Multiple failed login attempts followed by database queries
Database error messages in application logs

Network Indicators:

Unusual database connection patterns
Large data transfers from database servers

SIEM Query:

source="application_logs" AND ("sql error" OR "database error" OR "syntax error") AND dest_port=3306

📊 Metadata

CVE ID: CVE-2025-15238

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-89

EPSS Score: 0.05% exploit probability (14.4th percentile)

Published: January 5, 2026

Last Updated: January 20, 2026

🔗 References

https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15238, you might also want to check these: