CVE-2025-15239 – QOCA aim AI Medical Cloud Platform has a SQL in... (How to Fix)

Q: What is the severity of CVE-2025-15239?

CVE-2025-15239 has a CVSS score of 6.5 (MEDIUM). QOCA aim AI Medical Cloud Platform has a SQL injection vulnerability that allows authenticated remote attackers to execute arbitrary SQL commands and read database contents. This affects healthcare organizations using Quanta Computer's medical cloud platform with vulnerable versions.

📋 TL;DR

QOCA aim AI Medical Cloud Platform has a SQL injection vulnerability that allows authenticated remote attackers to execute arbitrary SQL commands and read database contents. This affects healthcare organizations using Quanta Computer's medical cloud platform with vulnerable versions.

💻 Affected Systems

Products:

QOCA aim AI Medical Cloud Platform

Versions: Specific versions not disclosed in references, but all versions before vendor patch are likely affected.

Operating Systems: Platform independent - affects the web application

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the platform. Medical/healthcare environments are primary targets.

📦 What is this software?

Qoca Aim by Quantatw

View all CVEs affecting Qoca Aim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including sensitive patient health information (PHI), medical records, user credentials, and potential lateral movement to other systems.

🟠

Likely Case

Unauthorized access to patient data, medical records, and system configuration information leading to data breach and regulatory violations.

🟢

If Mitigated

Limited data exposure if proper input validation and database permissions are enforced, but still represents a security weakness.

🌐 Internet-Facing: HIGH - Cloud platform accessible over internet with authenticated access required.

🏢 Internal Only: MEDIUM - Internal attackers with valid credentials could exploit, but requires authentication.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW - SQL injection is well-understood and tools exist for exploitation.

Requires authenticated access but SQL injection vulnerabilities are commonly exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references - contact vendor for patched version.

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html

Restart Required: Yes

Instructions:

1. Contact Quanta Computer for patched version. 2. Apply vendor-provided patch. 3. Restart application services. 4. Verify fix implementation.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Implement strict input validation and parameterized queries at application layer.

Database Permission Reduction

all

Limit database user permissions to minimum required for application functionality.

🧯 If You Can't Patch

Implement web application firewall (WAF) with SQL injection rules
Isolate the vulnerable system from sensitive networks and implement strict access controls

🔍 How to Verify

Check if Vulnerable:

Test for SQL injection using safe testing methods on authenticated endpoints. Check with vendor for vulnerability assessment tools.

Check Version:

Check application version through admin interface or contact vendor support.

Verify Fix Applied:

Verify parameterized queries are implemented and test with SQL injection payloads that should be rejected.

📡 Detection & Monitoring

Log Indicators:

Unusual database query patterns
Multiple failed login attempts followed by SQL-like queries
Database error messages in application logs

Network Indicators:

SQL keywords in HTTP POST/GET parameters
Unusual database connection patterns from application servers

SIEM Query:

source="application_logs" AND ("sql" OR "database" OR "query") AND ("error" OR "exception" OR "injection")

📊 Metadata

CVE ID: CVE-2025-15239

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-89

EPSS Score: 0.05% exploit probability (14.4th percentile)

Published: January 5, 2026

Last Updated: January 20, 2026

🔗 References

https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15239, you might also want to check these: