CVE-2025-40622

9.8 CRITICAL

📋 TL;DR

This is a critical SQL injection vulnerability in TCMAN's GIM v11 software that allows unauthenticated attackers to execute arbitrary SQL commands through the 'username' parameter of the 'GetLastDatePasswordChange' endpoint. Attackers can read, modify, or delete all database information. All organizations using TCMAN GIM v11 are affected.

💻 Affected Systems

Products:
  • TCMAN GIM
Versions: v11
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration according to advisory. All deployments of GIM v11 are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including theft of all sensitive data, credential harvesting, data destruction, and potential lateral movement to other systems.

🟠 Likely Case

Data exfiltration of user credentials, personal information, and business data leading to privacy violations and operational disruption.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation preventing database access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via HTTP parameters is well-understood with many available tools. Unauthenticated access makes exploitation trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in advisory

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim

Restart Required: No

Instructions:

1. Contact TCMAN vendor for patch availability
2. Monitor vendor website for security updates
3. Apply patch when available following vendor instructions

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy WAF with SQL injection rules to block malicious requests

Input Validation

all

Implement strict input validation on the 'username' parameter to reject SQL special characters

🧯 If You Can't Patch

  • Isolate GIM system from internet and restrict internal network access
  • Implement database firewall rules to limit query types and block suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Test the 'GetLastDatePasswordChange' endpoint with SQL injection payloads in the username parameter

Check Version:

Check GIM administration interface or configuration files for version information

Verify Fix Applied:

Verify that parameterized queries are implemented and that input validation rejects SQL special characters

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries from web application
  • Multiple failed login attempts with SQL syntax
  • Database error messages in application logs

Network Indicators:

  • HTTP requests to GetLastDatePasswordChange with SQL keywords in parameters
  • Unusual database traffic patterns

SIEM Query:

source="web_logs" AND uri="*GetLastDatePasswordChange*" AND (param="*SELECT*" OR param="*UNION*" OR param="*OR*1=1*")
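The SIEM query above, reworked as a standalone detection check over web server access logs; this is an added example, not part of the advisory or of TCMAN's software. Only the endpoint name comes from the advisory: the combined-format log layout, the hosts, timestamps and usernames are constructed sample data, and the SQL marker list is an assumption a defender would tune to their own traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic). The endpoint name is
# from the advisory; hosts, timestamps and values are made up for illustration.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2025:10:01:02 +0000] "GET /GIM/GetLastDatePasswordChange?username=jdoe HTTP/1.1" 200 312
10.0.0.9 - - [12/May/2025:10:01:05 +0000] "GET /GIM/GetLastDatePasswordChange?username=jdoe%27%20OR%201%3D1-- HTTP/1.1" 500 88
10.0.0.9 - - [12/May/2025:10:01:07 +0000] "GET /GIM/GetLastDatePasswordChange?username=x%27%20UNION%20SELECT%20null-- HTTP/1.1" 200 4112
10.0.0.7 - - [12/May/2025:10:02:00 +0000] "GET /GIM/Login?username=admin HTTP/1.1" 200 120
10.0.0.8 - - [12/May/2025:10:02:03 +0000] "GET /GIM/GetLastDatePasswordChange?username=morgan HTTP/1.1" 200 300
"""

# Common/combined log format: client, timestamp, request line, status code.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Same intent as the advisory's SIEM query (SELECT / UNION / OR 1=1), plus a
# few generic SQL comment and statement separators. Assumed list; tune it.
SQL_MARKERS = re.compile(
    r"\b(select|union|insert|update|delete|drop)\b"
    r"|'\s*or\s*1\s*=\s*1|--|/\*|;",
    re.IGNORECASE,
)


def scan_log(text):
    """Return one alert per request to GetLastDatePasswordChange whose
    decoded 'username' parameter contains SQL injection markers."""
    alerts = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        parts = urlsplit(m.group("target"))
        if "GetLastDatePasswordChange" not in parts.path:
            continue  # only the vulnerable endpoint is in scope
        # parse_qs percent-decodes values, so encoded quotes and spaces
        # (%27, %20) cannot hide the keywords from the marker regex.
        for value in parse_qs(parts.query).get("username", []):
            if SQL_MARKERS.search(value):
                alerts.append({"src": m.group("src"), "ts": m.group("ts"),
                               "status": m.group("status"), "username": value})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

A 500 status next to a flagged request is worth correlating with the "database error messages in application logs" indicator above, since it often means the injected input reached the database.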
