CVE-2025-5170

6.3 MEDIUM

📋 TL;DR

This critical SQL injection vulnerability in llisoft MTA Maita Training System 4.5 allows remote attackers to execute arbitrary SQL commands via the stTypeIds parameter in the AdminShitiListRequestVo function. Organizations using this training system are affected, particularly those with internet-facing deployments.

💻 Affected Systems

Products:
  • llisoft MTA Maita Training System
Versions: 4.5
Operating Systems: Any OS running Java applications
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the AdminShitiController component specifically. Requires the vulnerable endpoint to be accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data manipulation, and potential remote code execution on the database server.

🟠

Likely Case

Unauthorized access to sensitive training data, user information, and potential privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit has been publicly disclosed. Attack requires access to the vulnerable endpoint, which appears to be in an admin controller.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Contact llisoft for official patch
2. If no patch available, implement workarounds
3. Consider upgrading to a newer version if available

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

  • Implement strict input validation for the stTypeIds parameter so that only expected values are accepted
  • Implement parameterized queries or stored procedures in AdminShitiController.java
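The two workarounds above, combined in one added Java example (this is illustrative code written for this page, not llisoft's code; the `shiti` table, its column names and the class name are assumptions). The allow-list accepts only a comma-separated list of positive integers, and the query binds each id as a separate placeholder in an `IN (...)` clause, which is the case that usually tempts developers into string concatenation. A hypothetical concatenating variant is kept as a comment only, so the shape that the "How to Verify" step asks you to look for is shown next to its replacement.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

public class StTypeIdsQuery {

    // Allow-list for the raw stTypeIds parameter: "3,17,42" style only.
    // Quotes, spaces, parentheses and SQL keywords never match, so they are
    // rejected before any SQL is built.
    private static final Pattern ID_LIST =
        Pattern.compile("^[1-9][0-9]{0,9}(,[1-9][0-9]{0,9})*$");
    private static final int MAX_IDS = 100;

    /** Parses and validates stTypeIds; throws on anything outside the allow-list. */
    public static List<Long> parseStTypeIds(String raw) {
        if (raw == null || !ID_LIST.matcher(raw).matches()) {
            throw new IllegalArgumentException(
                "stTypeIds must be a comma-separated list of positive integers");
        }
        String[] parts = raw.split(",");
        if (parts.length > MAX_IDS) {
            throw new IllegalArgumentException("stTypeIds: too many ids");
        }
        List<Long> ids = new ArrayList<>(parts.length);
        for (String p : parts) {
            ids.add(Long.parseLong(p));
        }
        return Collections.unmodifiableList(ids);
    }

    // The pattern to look for during verification (hypothetical, do NOT use):
    //   String sql = "SELECT ... WHERE st_type_id IN (" + stTypeIds + ")";
    // Any value the client sends becomes part of the statement text.

    /** Builds "... IN (?,?,?)" with exactly one placeholder per id (assumed table/columns). */
    static String buildQuery(int idCount) {
        StringBuilder sql = new StringBuilder(
            "SELECT id, title, st_type_id FROM shiti WHERE st_type_id IN (");
        for (int i = 0; i < idCount; i++) {
            sql.append(i == 0 ? "?" : ",?");
        }
        return sql.append(")").toString();
    }

    /** Hardened lookup: ids are bound as parameters, never concatenated into SQL. */
    public static List<String> findTitlesByTypeIds(Connection conn, String rawStTypeIds)
            throws SQLException {
        List<Long> ids = parseStTypeIds(rawStTypeIds);
        List<String> titles = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(buildQuery(ids.size()))) {
            for (int i = 0; i < ids.size(); i++) {
                ps.setLong(i + 1, ids.get(i));   // JDBC parameters are 1-based
            }
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    titles.add(rs.getString("title"));
                }
            }
        }
        return titles;
    }

    /** Offline demonstration of the validator and query builder (no database needed). */
    public static void main(String[] args) {
        String[] samples = { "3,17,42", "3' OR '1'='1", "1) UNION SELECT 1,2,3", "" };
        for (String s : samples) {
            try {
                List<Long> ids = parseStTypeIds(s);
                System.out.println("accepted " + ids + " -> " + buildQuery(ids.size()));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected [" + s + "]: " + e.getMessage());
            }
        }
    }
}
```

Validation is done before the statement is built, and the parameter count is capped so a very long id list cannot be used to build an oversized statement. If the controller also accepts other list-valued parameters, the same two steps apply to each of them.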

Web Application Firewall (applies to: all)

  • Deploy a WAF with SQL injection rules to block malicious requests
  • Configure the WAF to block SQL injection patterns targeting the stTypeIds parameter

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy with strict input validation
  • Implement network segmentation to limit database access from application servers

🔍 How to Verify

Check if Vulnerable:

Check if AdminShitiController.java contains raw SQL queries with stTypeIds parameter concatenation

Check Version:

Check application version in system settings or configuration files

Verify Fix Applied:

Verify parameterized queries are used and input validation is implemented for stTypeIds

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by SQL injection patterns

Network Indicators:

  • HTTP requests with SQL injection payloads in stTypeIds parameter
  • Unusual database traffic from application server

SIEM Query:

source="web_logs" AND (stTypeIds CONTAINS "' OR" OR stTypeIds CONTAINS "UNION" OR stTypeIds CONTAINS "SELECT")
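The SIEM query above looks for a few known SQL keywords in stTypeIds. As an added example (not part of this advisory or of the vendor's tooling), the Java scanner below takes the opposite, allow-list approach over web access logs: it URL-decodes the stTypeIds value from each request line and reports any request whose value is not a plain comma-separated list of integers, which also catches encoded or obfuscated payloads the keyword query would miss. The log lines are constructed for this example; the URL path is an assumption, and the code needs Java 16 or later for `record`.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class StTypeIdsLogScan {

    // Constructed sample access-log lines (combined log format); not from a real system.
    static final String[] SAMPLE_LOG = {
        "10.0.0.5 - - [01/Jun/2025:10:00:01 +0000] \"GET /admin/shiti/list?stTypeIds=3,17&page=1 HTTP/1.1\" 200 512",
        "10.0.0.9 - - [01/Jun/2025:10:00:07 +0000] \"GET /admin/shiti/list?stTypeIds=3%27%20OR%201%3D1--&page=1 HTTP/1.1\" 200 9981",
        "10.0.0.9 - - [01/Jun/2025:10:00:09 +0000] \"GET /admin/shiti/list?stTypeIds=1%29%20UNION%20SELECT%201%2C2%2C3 HTTP/1.1\" 500 77",
        "10.0.0.5 - - [01/Jun/2025:10:00:15 +0000] \"GET /admin/user/list?page=2 HTTP/1.1\" 200 300",
    };

    private static final Pattern REQUEST_LINE = Pattern.compile("\"(?:GET|POST) (\\S+) HTTP/");
    private static final Pattern ST_TYPE_IDS = Pattern.compile("[?&]stTypeIds=([^&\\s]*)");
    // Same allow-list idea as the server-side fix: integers separated by commas, nothing else.
    private static final Pattern ID_LIST = Pattern.compile("^[0-9]+(,[0-9]+)*$");

    /** One request that a reviewer should look at. */
    public record Finding(String client, String rawValue, String decodedValue) {}

    /** Returns the still-encoded stTypeIds value from a log line, or null if absent. */
    static String extractStTypeIds(String line) {
        Matcher req = REQUEST_LINE.matcher(line);
        if (!req.find()) return null;
        Matcher param = ST_TYPE_IDS.matcher(req.group(1));
        if (!param.find()) return null;
        return param.group(1);
    }

    /** Flags every request whose decoded stTypeIds is not a plain integer list. */
    public static List<Finding> scan(String[] lines) {
        List<Finding> findings = new ArrayList<>();
        for (String line : lines) {
            String raw = extractStTypeIds(line);
            if (raw == null) continue;                       // parameter not present
            String decoded = URLDecoder.decode(raw, StandardCharsets.UTF_8);
            if (!ID_LIST.matcher(decoded).matches()) {
                String client = line.substring(0, line.indexOf(' '));
                findings.add(new Finding(client, raw, decoded));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        for (Finding f : scan(SAMPLE_LOG)) {
            System.out.printf("suspicious stTypeIds from %s: %s%n", f.client(), f.decodedValue());
        }
    }
}
```

On the sample lines this reports the two requests from 10.0.0.9 and ignores the legitimate `3,17` request and the request without the parameter. Decoding before matching matters: a keyword-based rule applied to the raw, percent-encoded value would see `%27%20OR` rather than `' OR`.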
