CVE-2025-26852
📋 TL;DR
DESCOR INFOCAD versions 3.5.1 and earlier contain a SQL injection vulnerability that allows attackers to execute arbitrary SQL commands on the database. This affects all users running vulnerable versions of the INFOCAD software. The vulnerability is fixed in version 3.5.2.0.
💻 Affected Systems
- DESCOR INFOCAD
📦 What is this software?
Infocad by Descor
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution on the database server.
Likely Case
Unauthorized data access, data exfiltration, and potential application-level authentication bypass.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.
🎯 Exploit Status
SQL injection vulnerabilities typically have low exploitation complexity, especially when unauthenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.2.0
Vendor Advisory: https://www.infocadfm.com/changelog/sql-injection/
Restart Required: Yes
Instructions:
1. Download INFOCAD version 3.5.2.0 from the vendor website.
2. Back up the current installation and database.
3. Run the installer to upgrade to version 3.5.2.0.
4. Restart the INFOCAD service and verify functionality.
🔧 Temporary Workarounds
Implement WAF Rules
Deploy web application firewall rules to block SQL injection patterns.
Database Permission Restrictions
Limit database user permissions to only necessary operations.
🧯 If You Can't Patch
- Isolate the INFOCAD system from untrusted networks.
- Implement strict network segmentation and monitor all database queries.
🔍 How to Verify
Check if Vulnerable:
Check INFOCAD version in application settings or About dialog. If version is 3.5.1 or earlier, the system is vulnerable.
Check Version:
Check application version through INFOCAD interface or registry key: HKEY_LOCAL_MACHINE\SOFTWARE\DESCOR\INFOCAD\Version
Verify Fix Applied:
Verify version shows 3.5.2.0 or higher in application settings.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL query patterns in database logs
- Multiple failed login attempts followed by complex queries
- SQL syntax errors in application logs
Network Indicators:
- Unusual database connection patterns
- SQL keywords in HTTP parameters
- Excessive database requests from single source
SIEM Query:
source="database_logs" AND (sql="SELECT" OR sql="UNION" OR sql="OR 1=1") AND NOT user="authorized_user"
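
The "SQL keywords in HTTP parameters" and "excessive requests from single source" indicators above can be checked directly against web access logs. The following is an added example, not vendor or INFOCAD code: it assumes combined-format access logs, and the paths, parameter names and log lines are constructed, since the advisory does not name the affected endpoint.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines (combined log format). Paths and parameter names
# are hypothetical; the advisory does not name the affected endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2025:10:01:02 +0000] "GET /app/list?id=42 HTTP/1.1" 200 512
10.0.0.9 - - [12/Mar/2025:10:01:03 +0000] "GET /app/list?id=42%27%20OR%201%3D1-- HTTP/1.1" 500 87
10.0.0.9 - - [12/Mar/2025:10:01:04 +0000] "GET /app/list?id=1%2520UNION%2520SELECT%2520null HTTP/1.1" 500 87
10.0.0.7 - - [12/Mar/2025:10:01:05 +0000] "GET /app/search?q=select+a+union+hall HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Keyword combinations, not single words, so ordinary text is not flagged.
SQLI_RE = re.compile(
    r"\bunion\s+(?:all\s+)?select\b|\bor\s+\d+\s*=\s*\d+|'\s*(?:--|#)",
    re.IGNORECASE,
)


def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding so double-encoded values are inspected in the clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text, burst_threshold=2):
    """Return (hits, noisy): flagged parameters and sources at or above the threshold."""
    hits, per_source = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, target, status = m.groups()
        for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(raw)
            if SQLI_RE.search(value):
                hits.append({"src": src, "param": name, "value": value, "status": int(status)})
                per_source[src] += 1
    noisy = sorted(s for s, n in per_source.items() if n >= burst_threshold)
    return hits, noisy


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG)[0]:
        print(hit)
```

Matching on decoded parameter values and keyword combinations avoids flagging ordinary text that merely contains words such as "select" or "union", which a bare keyword match would do.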