CVE-2025-2112

6.3 MEDIUM

📋 TL;DR

This is a critical SQL injection vulnerability in the user-xiangpeng yaoqishan software that allows remote attackers to execute arbitrary SQL commands via the typeId parameter in the getMediaLisByFilter function. The vulnerability affects all versions up to commit a47fec4a31cbd13698c592dfdc938c8824dd25e4, and the exploit has been publicly disclosed.

💻 Affected Systems

Products:
  • user-xiangpeng yaoqishan
Versions: All versions up to commit a47fec4a31cbd13698c592dfdc938c8824dd25e4
Operating Systems: Any OS running the affected Java application
Default Config Vulnerable: ⚠️ Yes
Notes: This product uses rolling releases, so specific version numbers are not available. All deployments using code up to the specified commit are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise, including data theft, data manipulation, and potential remote code execution if database permissions allow.

🟠 Likely Case: Unauthorized data access, data exfiltration, and potential privilege escalation through database manipulation.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and database permission restrictions.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to authenticated or unauthenticated attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub, making this easily exploitable by attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond to disclosure

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch available. Consider migrating to a different solution or implementing the workarounds below.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

  • Implement strict input validation for the typeId parameter so that it only accepts expected values
  • Modify MediaInfoService.java to validate the typeId parameter before it is used

Web Application Firewall (WAF) (applies to: all)

  • Deploy a WAF with SQL injection rules to block malicious requests
  • Configure the WAF to block SQL injection patterns in the typeId parameter
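The workaround above asks for typeId to be validated before it reaches the query. The following is an added illustration, not code from the yaoqishan project (which is Java): it models the pattern in Python against an in-memory sqlite3 table so the difference can be run and observed. The table, column and function names are constructed stand-ins. The first function splices the untrusted string into the SQL text, which is the shape of the flaw; the second allow-lists typeId as a bounded decimal integer and then binds it as a parameter, so even a value that slips past validation can never change the query's structure.

```python
import re
import sqlite3

# Constructed sample rows standing in for a media table; the schema is a
# stand-in, not the project's own.
SAMPLE_ROWS = [
    (1, 10, "public clip"),
    (2, 10, "another public clip"),
    (3, 20, "restricted clip"),
]

# typeId is an identifier, so the only acceptable shape is a short decimal
# integer. [0-9] rather than \d, because \d also matches non-ASCII digits.
TYPE_ID_RE = re.compile(r"^[0-9]{1,9}$")


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE media (id INTEGER, type_id INTEGER, title TEXT)")
    conn.executemany("INSERT INTO media VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def get_media_by_filter_vulnerable(conn: sqlite3.Connection, type_id: str) -> list:
    """Models the flaw: the untrusted string becomes part of the SQL text,
    so the caller controls the query's structure, not just a value."""
    sql = f"SELECT id, title FROM media WHERE type_id = {type_id}"
    return conn.execute(sql).fetchall()


def validate_type_id(raw: str) -> int:
    """Allow-list check: reject anything that is not a bounded decimal integer."""
    if not TYPE_ID_RE.match(raw):
        raise ValueError(f"rejected typeId: {raw!r}")
    return int(raw)


def get_media_by_filter_hardened(conn: sqlite3.Connection, type_id: str) -> list:
    """Validate first, then bind the value as a parameter so the driver keeps
    it out of the SQL text entirely."""
    value = validate_type_id(type_id)
    sql = "SELECT id, title FROM media WHERE type_id = ?"
    return conn.execute(sql, (value,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(get_media_by_filter_hardened(conn, "10"))
    try:
        get_media_by_filter_hardened(conn, "10 OR 1=1")
    except ValueError as exc:
        print(exc)
```

Both defences matter: the allow-list rejects malformed input at the edge and gives you a clean log line to alert on, while the bound parameter is what actually removes the injection, so the fix does not depend on the regex being perfect.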

🧯 If You Can't Patch

  • Isolate the affected system from the internet and restrict network access
  • Implement database-level controls: use least privilege accounts, enable audit logging

🔍 How to Verify

Check if Vulnerable:

Check if your deployment uses code from commit a47fec4a31cbd13698c592dfdc938c8824dd25e4 or earlier. Test with SQL injection payloads in typeId parameter.

Check Version:

git log --oneline -1 (to check current commit hash)

Verify Fix Applied:

Verify that SQL injection attempts in the typeId parameter are properly blocked or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts or parameter manipulation in application logs

Network Indicators:

  • SQL keywords in HTTP parameters (SELECT, UNION, etc.)
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (typeId CONTAINS "UNION" OR typeId CONTAINS "SELECT" OR typeId CONTAINS "--")
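The SIEM query above matches three tokens, case-sensitively, against whatever value the log stores for typeId, which is usually still percent-encoded. As an added example (not part of the advisory, and using constructed access-log lines with a stand-in endpoint path built from the function name), the script below applies the same idea more robustly: it parses the request line, percent-decodes typeId up to two layers, matches the keywords case-insensitively, and additionally flags any typeId that is not a plain decimal integer, since for this endpoint any other shape is anomalous regardless of which keywords it contains. A second function mimics the page's query literally so the two can be compared on the same input.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines in combined-log shape. They are not from a real
# deployment; the endpoint path is a stand-in built from the function name.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "GET /media/getMediaLisByFilter?typeId=10 HTTP/1.1" 200 512
203.0.113.5 - - [10/Mar/2025:12:00:02 +0000] "GET /media/getMediaLisByFilter?typeId=10%20UNION%20SELECT%201 HTTP/1.1" 200 2048
198.51.100.7 - - [10/Mar/2025:12:00:03 +0000] "GET /media/getMediaLisByFilter?typeId=10%27%20or%201%3d1--%20 HTTP/1.1" 200 4096
198.51.100.9 - - [10/Mar/2025:12:00:04 +0000] "GET /media/getMediaLisByFilter?typeId=1%2520un%2569on%2520select HTTP/1.1" 500 0
192.0.2.3 - - [10/Mar/2025:12:00:05 +0000] "GET /media/other?typeId=abc HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Same tokens as the page's SIEM query, but matched case-insensitively.
KEYWORD_RE = re.compile(r"union|select|--", re.IGNORECASE)
# A legitimate typeId is a short decimal integer; anything else is anomalous.
EXPECTED_RE = re.compile(r"^[0-9]{1,9}$")


def decode_param(value: str) -> str:
    """Strip up to two further layers of percent-encoding (parse_qs removed one)."""
    for _ in range(2):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(text: str) -> list:
    """Return one finding per suspicious typeId value across all request lines."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        for raw in params.get("typeId", []):
            decoded = decode_param(raw)
            reasons = []
            if not EXPECTED_RE.match(decoded):
                reasons.append("non-numeric typeId")
            if KEYWORD_RE.search(decoded):
                reasons.append("sql keyword")
            if reasons:
                findings.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "status": int(m.group("status")),
                    "decoded": decoded,
                    "reasons": reasons,
                })
    return findings


def naive_siem_match(line: str) -> bool:
    """Mimic the page's SIEM query literally: case-sensitive substring match
    on the raw, still-encoded typeId value."""
    m = REQUEST_RE.match(line)
    if not m:
        return False
    for part in urlsplit(m.group("target")).query.split("&"):
        key, _, value = part.partition("=")
        if key == "typeId" and any(tok in value for tok in ("UNION", "SELECT", "--")):
            return True
    return False


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print("naive query hits:", sum(naive_siem_match(l) for l in SAMPLE_LOG.splitlines()))
```

On the constructed sample, the literal query catches two of the four suspicious requests; the lowercase, double-encoded variant and the non-numeric "abc" value are only caught by decoding first and by treating any non-integer typeId as a finding. Pair the keyword rule with that shape check in your SIEM, and correlate with 500 responses from the same client, which often accompany probing of this kind.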
