CVE-2025-41348

9.8 CRITICAL

📋 TL;DR

A critical SQL injection in WinPlus v24.11.27 (Informática del Este) lets an unauthenticated attacker execute arbitrary SQL statements by sending crafted POST requests to the /WinplusPortal/ws/sWinplus.svc/json/getacumper_post endpoint with malicious 'val1' or 'cont' parameters. A successful injection gives full read, modify and delete access to the backing database. Every deployment of the vulnerable version is affected.

💻 Affected Systems

Products:
  • WinPlus by Informática del Este
Versions: v24.11.27
Operating Systems: Windows (presumed; the .svc path of the vulnerable endpoint is a WCF web service, which is normally hosted on IIS)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of the specified version.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data destruction, sensitive information exfiltration, and potential lateral movement to other systems.

🟠

Likely Case

Data theft, unauthorized data modification, and potential privilege escalation within the database.

🟢

If Mitigated

Reduced impact if the application binds 'val1' and 'cont' as query parameters server-side and a WAF blocks common injection patterns. WAF signatures can be bypassed (encoding, comment tricks, boolean and time-based payloads with no keywords), so they lower exposure rather than remove it.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via POST requests, making internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, any user with network access to the service can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via POST parameters is well-understood and easily weaponized. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Advisory (INCIBE-CERT, the coordinating CERT, not the vendor): https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Restart Required: Unknown (depends on the vendor's fix; no patch details have been published)

Instructions:

Contact Informática del Este for patch availability and monitor its official channels and the INCIBE-CERT notice for updates. Until a fixed build is available, apply the workarounds below.

🔧 Temporary Workarounds

Web Application Firewall Rules

Platform: all

Implement WAF rules that inspect the POST body of requests to the vulnerable endpoint and block SQL injection patterns in the 'val1' and 'cont' parameters. Treat this as a stopgap: signature-based rules are bypassable.

Input Validation and Parameterized Queries

Platform: all

Add server-side validation (type, length, allowed character set) for the 'val1' and 'cont' parameters, and pass them to the database as bound query parameters instead of concatenating them into the SQL text. Validation alone only narrows the attack surface; parameter binding is what removes the injection.

🧯 If You Can't Patch

  • Block external access to the /WinplusPortal/ws/sWinplus.svc/json/getacumper_post endpoint at the network perimeter or reverse proxy, and restrict the whole /WinplusPortal/ path to the networks that need it
  • Run the application's database account with least privilege (no DDL, no access to unrelated schemas, never a sysadmin/dbo account) so a successful injection cannot drop tables or reach other databases, and monitor the database for unusual queries

🔍 How to Verify

Check if Vulnerable:

Only test systems you are authorized to test. Send a POST request to the vulnerable endpoint with a non-destructive probe in 'val1' or 'cont' (for example a known-good value versus the same value with a boolean condition appended, or a time-delay payload) and compare the responses; do not use DROP, UPDATE or other destructive statements against a production system.

Check Version:

Check WinPlus version in application interface or configuration files

Verify Fix Applied:

Verify that injection payloads are now treated as literal data: the boolean and time-based probes produce no difference in response content or timing. An explicit 400 for malformed input is fine, but a raw database error message returned to the client is itself an information leak and suggests the query is still being assembled from unbound input.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple POST requests to the vulnerable endpoint with suspicious parameters

Network Indicators:

  • POST requests to /WinplusPortal/ws/sWinplus.svc/json/getacumper_post containing SQL keywords in parameters

SIEM Query (pseudo-query; adapt field names to your log source):

source="web_logs" AND uri="/WinplusPortal/ws/sWinplus.svc/json/getacumper_post" AND (param="val1" OR param="cont") AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "DROP" OR value CONTAINS "INSERT")

Caveats: standard IIS and Apache access logs do not record POST bodies, so this query only works against WAF, reverse-proxy or application logs configured to capture the request body. A keyword-only match also misses quote-only, boolean and time-based payloads and will fire on legitimate values that happen to contain those words; add quote and comment characters to the pattern and alert on repeated hits per source rather than on single requests.
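As an added example (not part of the original advisory), here is the detection logic above run over constructed WAF/reverse-proxy log lines. It assumes a JSON-per-line log with the request body captured, which is an assumption about the logging setup; the endpoint path and parameter names come from the advisory, the log records and pattern list are constructed.

```python
"""Constructed example: detect SQLi attempts against the getacumper_post endpoint
in body-capturing proxy/WAF logs (JSON per line, field names assumed)."""
import json
import re
from collections import Counter

ENDPOINT = "/WinplusPortal/ws/sWinplus.svc/json/getacumper_post"
WATCHED = ("val1", "cont")

# The keywords from the page's SIEM query, plus the quote/comment characters and
# boolean/time-delay forms a keyword-only rule would miss.
SQLI_RE = re.compile(
    r"(\bUNION\b|\bSELECT\b|\bDROP\b|\bINSERT\b|'|--|/\*"
    r"|\bOR\b\s+\S+=\S+|\bWAITFOR\b|\bSLEEP\s*\()",
    re.IGNORECASE,
)

# Constructed sample log: one normal request, two attempts from one source, an
# injection against a different endpoint (not this CVE), and a GET to ignore.
_records = [
    {"ts": "2025-06-01T10:00:01Z", "src": "10.0.0.5", "method": "POST",
     "uri": ENDPOINT, "body": '{"val1":"A100","cont":"1"}'},
    {"ts": "2025-06-01T10:00:02Z", "src": "203.0.113.9", "method": "POST",
     "uri": ENDPOINT, "body": '{"val1":"x\' UNION SELECT 1,2,3--","cont":"1"}'},
    {"ts": "2025-06-01T10:00:03Z", "src": "203.0.113.9", "method": "POST",
     "uri": ENDPOINT, "body": '{"val1":"A100","cont":"1\' OR \'1\'=\'1"}'},
    {"ts": "2025-06-01T10:00:04Z", "src": "10.0.0.7", "method": "POST",
     "uri": "/WinplusPortal/login", "body": '{"user":"x\' OR 1=1--"}'},
    {"ts": "2025-06-01T10:00:05Z", "src": "10.0.0.5", "method": "GET",
     "uri": ENDPOINT, "body": ""},
]
SAMPLE_LOG = "\n".join(json.dumps(r) for r in _records)


def suspicious_params(body: str) -> dict:
    """Map each watched parameter to the distinct SQLi fragments found in it."""
    try:
        params = json.loads(body) if body else {}
    except json.JSONDecodeError:
        # A body the endpoint cannot parse is itself worth a look.
        return {"_body": ["unparseable"]}
    hits = {}
    for name in WATCHED:
        value = params.get(name)
        if isinstance(value, str):
            found = sorted({m.upper() for m in SQLI_RE.findall(value)})
            if found:
                hits[name] = found
    return hits


def detect(log_text: str) -> list:
    """One alert per POST to the vulnerable endpoint whose val1/cont look injected."""
    alerts = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("method") != "POST" or rec.get("uri") != ENDPOINT:
            continue
        hits = suspicious_params(rec.get("body", ""))
        if hits:
            alerts.append({"ts": rec["ts"], "src": rec["src"], "hits": hits})
    return alerts


def sources_over_threshold(alerts: list, n: int = 2) -> dict:
    """Sources with at least n hits: repeated probing is a stronger signal than one match."""
    counts = Counter(a["src"] for a in alerts)
    return {src: c for src, c in counts.items() if c >= n}


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(a)
    print("repeat offenders:", sources_over_threshold(found))
```

The single-quote and comment alternatives will match legitimate values such as names with apostrophes, which is why the per-source threshold exists; tune it and the pattern list to your traffic before paging anyone on a single hit.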
