CVE-2025-1820

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in zj1983 zz software allows remote attackers to execute arbitrary SQL commands by manipulating the tableId parameter in the getOaWid function. Affected systems include all versions up to 2024-8, potentially enabling data theft, modification, or complete system compromise.

💻 Affected Systems

Products:
  • zj1983 zz
Versions: All versions up to 2024-8
Operating Systems: Any OS running Java applications
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the zworkflow component specifically; requires the vulnerable function to be exposed via application endpoints.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data exfiltration, data destruction, or full system takeover via SQL injection to RCE chaining.

🟠 Likely Case

Unauthorized data access, data manipulation, and potential privilege escalation within the database.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - Remote exploitation capability with public exploit available.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub; remote exploitation requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor unresponsive

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch available. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Implement strict input validation for the tableId parameter so that only expected identifier values are accepted.

// Application-level code modification required: add this check at the start of getOaWid,
// before tableId is used to build any SQL (a null check avoids a NullPointerException on a missing parameter)
if (tableId == null || !tableId.matches("^[a-zA-Z0-9_]+$")) {
    throw new IllegalArgumentException("invalid tableId");
}

WAF Rule Implementation

Applies to: all

Deploy web application firewall rules that block SQL injection patterns in the tableId parameter.

# Example ModSecurity rule (t:urlDecodeUni normalizes encoded payloads before the libinjection check):
SecRule ARGS:tableId "@detectSQLi" "id:1001,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'SQL Injection Attempt'"

🧯 If You Can't Patch

  • Network segmentation: Isolate affected systems from internet and restrict access to trusted networks only
  • Database hardening: Implement least privilege database accounts, enable auditing, and monitor for suspicious queries

🔍 How to Verify

Check if Vulnerable:

Test the vulnerable endpoint with SQL injection payloads in the tableId parameter and observe database errors or unexpected behavior.

Check Version:

Check application version in configuration files or via application interface

Verify Fix Applied:

Attempt SQL injection after implementing the workarounds; a successful fix rejects the malicious input or returns only a generic error, with no database error text.

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in application logs
  • Unusual database query patterns
  • Multiple failed parameter validation attempts

Network Indicators:

  • HTTP requests with SQL keywords in tableId parameter
  • Unusual database connection patterns from application servers

SIEM Query:

source="application.log" AND ("SQL" OR "syntax" OR "tableId") AND error
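As an added example (not part of this advisory page), a Python scan that applies the Log and Network Indicators above to web-server access logs: it URL-decodes the tableId parameter (twice, so double-encoded payloads are not missed), checks it against the allowlist regex from the workaround section, labels values that carry SQL tokens, and lists the client IPs that trip the filter repeatedly. The /app/getOaWid path and the log lines are constructed placeholders, not the real endpoint.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Allowlist from the workaround above: a tableId must be a bare identifier.
TABLE_ID_OK = re.compile(r"^[a-zA-Z0-9_]+$")
# Tokens that turn an identifier parameter into an injection attempt.
SQL_HINTS = re.compile(
    r"""(?i)\b(select|union|insert|update|delete|drop|sleep|benchmark|or|and)\b|--|;|'|"|/\*"""
)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def flag_request(log_line):
    """Return (tableId, reason) when the request carries a tableId that fails the allowlist, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "tableId" not in params:
        return None
    # parse_qs decoded once; decode again so a double-encoded payload cannot slip past the check.
    value = unquote_plus(params["tableId"][0])
    if TABLE_ID_OK.match(value):
        return None
    reason = "sql-keyword" if SQL_HINTS.search(value) else "validation-failure"
    return value, reason

def scan(log_lines, repeat_threshold=3):
    """Flag suspicious requests and the client IPs that trip the filter at least repeat_threshold times."""
    hits, per_ip = [], Counter()
    for line in log_lines:
        flagged = flag_request(line)
        if flagged:
            ip = line.split(" ", 1)[0]  # combined-log format: client IP is the first field
            hits.append((ip,) + flagged)
            per_ip[ip] += 1
    repeat = sorted(ip for ip, n in per_ip.items() if n >= repeat_threshold)
    return hits, repeat

# Constructed sample access-log lines; /app/getOaWid is a placeholder path, not the real endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2025:10:00:01 +0000] "GET /app/getOaWid?tableId=oa_task HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Mar/2025:10:00:02 +0000] "GET /app/getOaWid?tableId=oa_task%27%20OR%201%3D1-- HTTP/1.1" 500 87',
    '10.0.0.9 - - [01/Mar/2025:10:00:03 +0000] "GET /app/getOaWid?tableId=oa_task%253B%2520SELECT%25201 HTTP/1.1" 500 87',
    '10.0.0.9 - - [01/Mar/2025:10:00:04 +0000] "GET /app/getOaWid?tableId=oa-task HTTP/1.1" 400 20',
    '10.0.0.7 - - [01/Mar/2025:10:00:05 +0000] "POST /app/other?tableId=x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG)[0]:
        print(hit)
```

A value that fails the allowlist without any SQL token (the "validation-failure" case) is still worth counting: a burst of them from one client is the "multiple failed parameter validation attempts" indicator listed above.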
