CVE-2025-15392

6.3 MEDIUM

📋 TL;DR

This CVE describes a SQL injection vulnerability in Kohana KodiCMS's Search API Endpoint. Attackers can remotely exploit this by manipulating the 'keyword' parameter to execute arbitrary SQL commands. All KodiCMS installations up to version 13.82.135 are affected.

💻 Affected Systems

Products:
  • Kohana KodiCMS
Versions: up to 13.82.135
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Search API Endpoint component specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise allowing data theft, modification, or deletion, potentially leading to full system takeover.

🟠 Likely Case

Unauthorized data access, extraction of sensitive information, or database manipulation.

🟢 If Mitigated

Limited impact with proper input validation and database permissions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit is publicly available and can be launched remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider upgrading to any version above 13.82.135 if available, or apply workarounds.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Implement strict input validation for the 'keyword' parameter in the Search API Endpoint.

WAF Rule

Applies to: all

Deploy a web application firewall rule to block SQL injection patterns targeting the search endpoint.

🧯 If You Can't Patch

  • Disable the Search API Endpoint if not required.
  • Implement network segmentation to restrict access to the vulnerable system.

🔍 How to Verify

Check if Vulnerable:

Check the KodiCMS version in the admin panel or on the file system. If the version is 13.82.135 or lower, the system is vulnerable.

Check Version:

Check the admin panel or examine the version files in the KodiCMS installation directory.

Verify Fix Applied:

Verify that the version is above 13.82.135, or test the Search API Endpoint with SQL injection payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed search attempts with special characters

Network Indicators:

  • HTTP requests to search endpoint with SQL keywords or special characters

SIEM Query:

source="web_logs" AND (url="*search*" OR url="*api*search*") AND (query="*UNION*" OR query="*SELECT*" OR query="*OR*1=1*")
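As an added example (not part of this advisory and not KodiCMS code), the SIEM logic above applied to constructed access-log lines: it decodes the 'keyword' value on search-endpoint requests and matches SQL injection patterns against that value rather than the whole URL, so a natural-language search that merely contains the word SELECT is not flagged. The log format, paths and sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in common log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /api/search?keyword=hello HTTP/1.1" 200 512
10.0.0.6 - - [01/Jan/2025:10:00:01 +0000] "GET /api/search?keyword=a%27%20OR%201%3D1--%20 HTTP/1.1" 200 9812
10.0.0.7 - - [01/Jan/2025:10:00:02 +0000] "GET /api/search?keyword=x%20UNION%20SELECT%201%2C2 HTTP/1.1" 200 9900
10.0.0.8 - - [01/Jan/2025:10:00:03 +0000] "GET /api/search?keyword=select%20a%20gift HTTP/1.1" 200 610
10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /index.php?keyword=1%20UNION%20SELECT%201 HTTP/1.1" 200 300
"""

# Minimal common-log-format parser (assumed format): client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Only requests to the search endpoint matter for this CVE (mirrors url="*search*" in the SIEM query).
SEARCH_PATH_RE = re.compile(r"search", re.IGNORECASE)

# Injection patterns, applied to the URL-decoded keyword value only.
SQLI_PATTERNS = [
    re.compile(r"\bUNION\b\s+(ALL\s+)?SELECT\b", re.IGNORECASE),  # UNION SELECT
    re.compile(r"\bOR\b\s+\d+\s*=\s*\d+", re.IGNORECASE),         # OR 1=1 tautology
    re.compile(r"['\"]\s*(--|#|/\*)"),                            # quote then SQL comment
    re.compile(r"['\"]\s*(OR|AND)\b", re.IGNORECASE),             # quote closing a literal
]


def keyword_is_suspicious(keyword: str) -> bool:
    """Return True when the decoded keyword value matches an injection pattern."""
    return any(p.search(keyword) for p in SQLI_PATTERNS)


def scan_log(text: str) -> list:
    """Return one record per search-endpoint request whose keyword looks injected."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m["target"])
        if not SEARCH_PATH_RE.search(parts.path):
            continue  # not the search endpoint; out of scope for this CVE
        for kw in parse_qs(parts.query).get("keyword", []):  # parse_qs percent-decodes
            if keyword_is_suspicious(kw):
                hits.append({"ip": m["ip"], "ts": m["ts"], "keyword": kw})
    return hits
```

Tighten or extend SQLI_PATTERNS to the payload shapes seen in your own traffic; the path filter is what keeps the rule from firing on every page that echoes a SQL keyword.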
