CVE-2025-1958

6.3 MEDIUM

📋 TL;DR

This SQL injection vulnerability in aaluoxiang oa_system 1.0 allows remote attackers to execute arbitrary SQL commands via the 'outtype' parameter used by the queries defined in address-mapper.xml. Attackers can potentially read, modify, or delete database content. All users running the vulnerable version are affected.

💻 Affected Systems

Products:
  • aaluoxiang oa_system
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration via the address-mapper.xml file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, or full system takeover by chaining the SQL injection to remote code execution.

🟠 Likely Case

Unauthorized data access, data manipulation, or privilege escalation through SQL injection.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit available on GitHub, remote exploitation possible without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative software.

🔧 Temporary Workarounds

Input Validation Filter (all)

Implement strict input validation for the 'outtype' parameter so that only the expected set of values is accepted and anything else is rejected.

WAF Rule (all)

Deploy web application firewall rules to block SQL injection patterns targeting the vulnerable endpoint.

🧯 If You Can't Patch

  • Isolate the oa_system behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Check whether you are running aaluoxiang oa_system version 1.0, and examine whether address-mapper.xml builds SQL queries that embed the 'outtype' parameter directly into the query text instead of binding it as a parameter.

Check Version:

Check application configuration files or documentation for version information.

Verify Fix Applied:

Test the vulnerable endpoint with SQL injection payloads to confirm they are blocked or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Repeated failed login attempts whose submitted values contain SQL injection patterns
  • Database error messages containing SQL syntax

Network Indicators:

  • HTTP requests with SQL keywords in 'outtype' parameter
  • Unusual database connection patterns from application server

SIEM Query:

source="oa_system_logs" AND (message="*SQL*" OR message="*outtype*" OR message="*address-mapper*")
