CVE-2025-3956

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in novel-cloud 1.4.0 allows remote attackers to execute arbitrary SQL commands through the RestResp function in BookInfoMapper.xml. Attackers can potentially access, modify, or delete database content. Organizations using novel-cloud 1.4.0 are affected.

💻 Affected Systems

Products:
  • novel-cloud
Versions: 1.4.0
Operating Systems: Any OS running novel-cloud
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the BookInfoMapper.xml file in the novel-book-service component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data destruction, and potential remote code execution if database permissions allow.

🟠 Likely Case: Unauthorized data access and extraction from the novel-cloud database, potentially exposing sensitive information.

🟢 If Mitigated: Limited impact with proper input validation and database permission restrictions in place.

🌐 Internet-Facing: HIGH - Attack can be initiated remotely and exploit is publicly available.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access to the vulnerable service.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily exploitable by attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

No official patch available. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization (all)

Implement strict input validation and parameterized queries for all database interactions.

WAF Rule Implementation (all)

Deploy web application firewall rules to block SQL injection patterns.
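As an added illustration of the first workaround above (example code, not from novel-cloud or this advisory): a string-built lookup beside its parameterized form, in Python with an in-memory SQLite table standing in for the application's database. novel-cloud itself is a Java project and BookInfoMapper.xml is assumed to be a MyBatis mapper, where `${...}` splices raw text into the statement and `#{...}` binds a value; the same distinction is shown here with an f-string versus a `?` placeholder. Because an ORDER BY column cannot be bound as a parameter, the block also shows the allow-list check that such positions need. The table, rows, function names and column list are constructed for the example.

```python
import sqlite3

# Constructed sample rows standing in for a book table; not novel-cloud's schema.
SAMPLE_BOOKS = [
    (1, "Dune", "Frank Herbert", "published"),
    (2, "Hyperion", "Dan Simmons", "published"),
    (3, "Unreleased Draft", "Anon", "hidden"),
]

# Allow-list for identifiers that cannot be bound as parameters (ORDER BY column).
ORDER_COLUMNS = {"id", "name"}


def open_sample_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE book_info (id INTEGER, name TEXT, author TEXT, status TEXT)"
    )
    conn.executemany("INSERT INTO book_info VALUES (?, ?, ?, ?)", SAMPLE_BOOKS)
    return conn


def search_books_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """String-built query: the caller's text becomes part of the SQL itself.

    This is the defect class the advisory describes (MyBatis ${} has the same effect):
    a quote in `name` ends the literal and the rest is parsed as SQL, so the
    status filter can be bypassed and hidden rows returned.
    """
    sql = (
        "SELECT id, name FROM book_info "
        f"WHERE status = 'published' AND name = '{name}'"
    )
    return conn.execute(sql).fetchall()


def search_books_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver binds `name` as data, never as SQL text."""
    sql = "SELECT id, name FROM book_info WHERE status = 'published' AND name = ?"
    return conn.execute(sql, (name,)).fetchall()


def is_allowed_order_column(column: str) -> bool:
    """Identifiers are validated against a fixed allow-list, not escaped."""
    return column in ORDER_COLUMNS


def search_books_sorted(conn: sqlite3.Connection, status: str, order_by: str) -> list:
    """Value is bound with ?; the column name is checked against the allow-list
    before it is interpolated, which is the only safe way to make it dynamic."""
    if not is_allowed_order_column(order_by):
        raise ValueError(f"order_by must be one of {sorted(ORDER_COLUMNS)}")
    sql = f"SELECT id, name FROM book_info WHERE status = ? ORDER BY {order_by}"
    return conn.execute(sql, (status,)).fetchall()


if __name__ == "__main__":
    db = open_sample_db()
    probe = "x' OR '1'='1"  # constructed test input, a quote that closes the literal
    print("vulnerable:", search_books_vulnerable(db, probe))  # all rows, hidden one included
    print("safe:      ", search_books_safe(db, probe))        # [] : treated as a book name
    print("sorted:    ", search_books_sorted(db, "published", "name"))
```

Run as a script it prints the contrast directly: the string-built form returns every row including the hidden one, while the bound form returns nothing because the whole string was compared as a title. The allow-list function is the pattern to apply wherever a mapper must use `${}` for a column or table name.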

🧯 If You Can't Patch

  • Isolate the novel-cloud service in a restricted network segment with minimal external access
  • Implement database user with least privilege permissions and disable unnecessary database functions

🔍 How to Verify

Check if Vulnerable:

Check if running novel-cloud version 1.4.0 and examine BookInfoMapper.xml for vulnerable RestResp function

Check Version:

Check application configuration files or deployment manifests for version information

Verify Fix Applied:

Test SQL injection attempts against the RestResp endpoint to confirm they are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in application logs
  • Multiple failed login attempts or parameter manipulation attempts

Network Indicators:

  • SQL keywords in HTTP parameters (SELECT, UNION, INSERT, etc.)
  • Unusual database connection patterns

SIEM Query:

source="novel-cloud" AND http.uri="*RestResp*" AND (http.param="*sql*" OR http.param="*union*" OR http.param="*select*")

The three parameter terms are grouped in parentheses so that the RestResp URI condition applies to each of them; left ungrouped, AND binds tighter than OR and the union/select terms would match any request to any endpoint.
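An added worked version of the SIEM query's logic, run over constructed access-log lines (example code, not from the page or the project): it flags only requests whose path contains RestResp and whose URL-decoded parameter values contain a SQL keyword, which is what the query expresses once the OR terms are grouped under the URI condition. Keyword matching uses word boundaries, so an ordinary title such as "Selected Poems" does not trip the SELECT rule. The log format, paths and parameter names are assumptions, and the quote-then-OR pattern is an extension beyond the page's keyword list.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines: "METHOD path?query status". Not real novel-cloud logs.
SAMPLE_LOG_LINES = [
    "GET /api/book/RestResp?bookId=123 200",
    "GET /api/book/RestResp?bookId=1%20UNION%20SELECT%201,2,3 200",
    "GET /api/book/search?keyword=union%20station 200",
    "GET /api/book/RestResp?name=Selected%20Poems 200",
    "POST /api/book/RestResp?name=x%27%20OR%20%271%27%3D%271 200",
    "GET /api/book/RestResp?sort=name%3B%20DROP%20TABLE%20book_info 500",
]

# Keyword rule with word boundaries: "select" matches, "Selected" does not.
SQL_KEYWORDS = re.compile(
    r"\b(union|select|insert|update|delete|drop|sql)\b", re.IGNORECASE
)
# Quote followed by a boolean operator (assumed extension beyond the page's list).
QUOTE_BOOLEAN = re.compile(r"'\s*(or|and)\s", re.IGNORECASE)
# Path fragment from the advisory; compared case-insensitively.
TARGET_URI_FRAGMENT = "restresp"


def parse_line(line: str) -> dict:
    """Split a constructed log line into method, path, decoded params and status."""
    method, target, status = line.split(" ", 2)
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)  # decodes %xx and +
    return {"method": method, "path": parts.path, "params": params, "status": status}


def suspicious_params(params: list) -> list:
    """Return (name, decoded_value) for every parameter matching a rule."""
    hits = []
    for name, value in params:
        # Second decode pass catches values that were percent-encoded twice.
        decoded = unquote_plus(value)
        if SQL_KEYWORDS.search(decoded) or QUOTE_BOOLEAN.search(decoded):
            hits.append((name, decoded))
    return hits


def flag_requests(lines: list) -> list:
    """Apply the grouped query: URI must match AND some parameter must match."""
    flagged = []
    for line in lines:
        rec = parse_line(line)
        if TARGET_URI_FRAGMENT not in rec["path"].lower():
            continue  # URI condition gates every keyword term, as in the grouped query
        hits = suspicious_params(rec["params"])
        if hits:
            flagged.append({"line": line, "hits": hits})
    return flagged


if __name__ == "__main__":
    for entry in flag_requests(SAMPLE_LOG_LINES):
        print(entry["line"], "->", entry["hits"])
```

Of the six constructed lines, three are flagged: the UNION/SELECT value, the quote-then-OR value, and the DROP in the sort parameter. The search endpoint carrying "union station" is ignored because its path is not RestResp, and "Selected Poems" passes because the keyword rule requires a whole word. Tuning the keyword list to the parameter names the endpoint actually accepts is the usual next step to keep false positives down.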
