CVE-2025-24290
📋 TL;DR
Multiple authenticated SQL injection vulnerabilities in UISP Application version 2.4.206 and earlier allow attackers with low-privilege accounts to execute arbitrary SQL commands. This could lead to privilege escalation, data theft, or complete system compromise. Organizations running vulnerable UISP versions are affected.
💻 Affected Systems
- UISP Application
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover: attacker gains administrative access, exfiltrates sensitive data, modifies configurations, or deploys ransomware.
Likely Case
Privilege escalation leading to unauthorized access to network management functions, customer data exposure, and potential lateral movement.
If Mitigated
Limited impact if proper network segmentation, least privilege access, and input validation are implemented.
🎯 Exploit Status
SQL injection vulnerabilities are well-understood and often easily weaponized once details are public.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4.207 or later
Vendor Advisory: https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d
Restart Required: Yes
Instructions:
1. Back up the UISP configuration and database.
2. Update UISP to version 2.4.207 or later via the admin interface or command line.
3. Restart UISP services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the UISP management interface to trusted IPs only. Replace TRUSTED_IP with the address or CIDR range of your management hosts; because -A appends, these rules must precede any broader ACCEPT rule already in the INPUT chain, and the port must match the one UISP actually listens on.
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
Least Privilege Access
Review and minimize low-privilege user accounts in UISP, since the injection requires an authenticated account.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the UISP interface.
- Monitor for unusual SQL queries or privilege escalation attempts in UISP logs.
🔍 How to Verify
Check if Vulnerable:
Versions 2.4.206 and earlier are affected. Read the installed version from the admin interface or from the version file on the server.
Check Version:
cat /usr/lib/uisp/version.txt
Verify Fix Applied:
Confirm the version is 2.4.207 or later and that SQL injection attempts against the affected endpoints are rejected.
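The version comparison above is easy to get wrong when done lexically (2.4.210 sorts before 2.4.207 as a string). The following shell helper is an added example, not part of the advisory or of UISP; it assumes the version file holds a plain dotted version such as 2.4.206 and compares each component numerically against the fixed release.

```shell
#!/bin/sh
# Added example (not from the advisory or UISP): decide whether an installed
# UISP version predates the fix for CVE-2025-24290.
# The fixed version comes from the advisory; versions 2.4.206 and earlier are affected.
FIXED_VERSION="2.4.207"

# version_lt A B -> returns 0 when A is numerically older than B
version_lt() {
    a="$1"; b="$2"
    i=1
    while [ "$i" -le 3 ]; do
        ai=$(printf '%s' "$a" | cut -d. -f"$i")
        bi=$(printf '%s' "$b" | cut -d. -f"$i")
        # strip a non-numeric suffix such as "-rc1" (assumed format), default to 0
        ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}
        ai=${ai:-0}; bi=${bi:-0}
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # all components equal: not older
}

# uisp_vulnerable VERSION -> returns 0 if VERSION is before the fixed release
uisp_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_installed [FILE] -> reads the version file named in the advisory
# (default path from the advisory); returns 0 if vulnerable, 1 if fixed, 2 on error
check_installed() {
    file="${1:-/usr/lib/uisp/version.txt}"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    v=$(tr -d ' \r\n' < "$file")
    if uisp_vulnerable "$v"; then
        echo "UISP $v is vulnerable to CVE-2025-24290; update to $FIXED_VERSION or later"
        return 0
    fi
    echo "UISP $v is at or past the fixed version $FIXED_VERSION"
    return 1
}
```

Run `check_installed` on the UISP host; a non-zero exit means the installed version is at or beyond 2.4.207.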
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in UISP logs
- Multiple failed login attempts followed by successful admin actions
Network Indicators:
- Unexpected outbound connections from UISP server
- SQL error messages in HTTP responses
SIEM Query:
source="uisp.log" AND ("sql" OR "injection" OR "privilege")