CVE-2025-54396

5.4 MEDIUM

📋 TL;DR

CVE-2025-54396 is an SQL injection vulnerability in Netwrix Directory Manager (formerly Imanami GroupID) that allows authenticated users to execute arbitrary SQL commands. This affects organizations using vulnerable versions for identity and access management. Attackers could potentially read, modify, or delete database contents.

💻 Affected Systems

Products:
  • Netwrix Directory Manager
  • Imanami GroupID
Versions: 11.0.0.0 through 11.1.25162.01
Operating Systems: Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the application interface.

📦 What is this software?

Netwrix Directory Manager, previously sold as Imanami GroupID, is an identity and group management product: it runs on Windows Server, is used to administer directory users and group memberships, and keeps that directory data in a backing SQL database. Because the database drives identity and access decisions, a query-level compromise of it is a compromise of the directory the product manages.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the directory management database, allowing attackers to exfiltrate sensitive identity data, modify user permissions, or disrupt identity management operations.

🟠 Likely Case

Data exfiltration from the database, including user credentials, group memberships, and directory information that could enable privilege escalation.

🟢 If Mitigated

Once the fixed build (11.1.25162.02 or later) is installed, input is validated and the affected queries are parameterized, so injected text is treated as data and the attack no longer succeeds. Any residual exposure is bounded by what the application's database login is permitted to do, which is why reducing that login's rights is worthwhile even after patching.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation needs a valid application login and ordinary SQL injection skill; no public exploit code is known at the time of writing. Treat every account that can reach the application interface as a potential attacker, since the bug is reachable after authentication rather than from an administrative function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.1.25162.02

Vendor Advisory: https://community.netwrix.com/t/adv-2025-015-critical-vulnerabilities-in-netwrix-directory-manager-formerly-imanami-groupid-v11/17192

Restart Required: No

Instructions:

1. Download patch version 11.1.25162.02 from the Netwrix support portal.
2. Back up the current installation and its database before installing.
3. Run the installer with administrative privileges.
4. Verify the installation through the application interface: Help > About should now show 11.1.25162.02 or later.

🔧 Temporary Workarounds

Input Validation Enhancement (applies to: all affected versions)

Place a filtering layer in front of the application (a WAF or reverse proxy) that rejects requests carrying SQL metacharacters and keywords in the affected parameters. Treat this as a stopgap only: blocklist filters are routinely bypassed with encoding, inline comments and keyword variants, and they leave the vulnerable query itself unchanged.
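The workaround above is a pattern filter, while the fix the advisory data describes is parameterization. The following added example (not Netwrix code; it uses an in-memory SQLite table with an invented users schema as a stand-in for the product's database) shows the three behaviours side by side: a concatenated query that is injectable, a blocklist that rejects the obvious payload but is bypassed by comment-separated keywords, and a parameterized query that treats the same input as data.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for a directory database. The users table and its
    rows are invented for this example and are not Directory Manager's schema."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, dept TEXT, is_admin INTEGER)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "finance", 0), ("bob", "finance", 0), ("svc-admin", "it", 1)],
    )
    return con


def search_vulnerable(con: sqlite3.Connection, dept: str) -> list[str]:
    """The bug class: caller-controlled text spliced straight into the statement."""
    sql = f"SELECT name FROM users WHERE dept = '{dept}'"
    return [row[0] for row in con.execute(sql)]


# Workaround-style blocklist: reject the two most common payload shapes.
BLOCKLIST = re.compile(r"'\s+or\s+|union\s+select", re.IGNORECASE)


def filter_rejects(dept: str) -> bool:
    """True when the blocklist would drop this input."""
    return BLOCKLIST.search(dept) is not None


def search_filtered(con: sqlite3.Connection, dept: str) -> list[str]:
    """The same vulnerable query, guarded only by the blocklist."""
    if filter_rejects(dept):
        raise ValueError("rejected by input filter")
    return search_vulnerable(con, dept)


def search_parameterized(con: sqlite3.Connection, dept: str) -> list[str]:
    """The real fix: the driver binds the value, so it can never become SQL."""
    sql = "SELECT name FROM users WHERE dept = ?"
    return [row[0] for row in con.execute(sql, (dept,))]


if __name__ == "__main__":
    con = make_db()
    payload = "finance' OR '1'='1"
    # SQL comments stand in for the whitespace the blocklist keys on.
    bypass = "finance'/**/OR/**/'1'='1"
    print("concatenated :", search_vulnerable(con, payload))
    print("filter blocks:", filter_rejects(payload), filter_rejects(bypass))
    print("bypassed     :", search_filtered(con, bypass))
    print("parameterized:", search_parameterized(con, payload))
```

The concatenated and bypassed searches both return every row, including the admin account; the parameterized search returns nothing, because no department is literally named `finance' OR '1'='1`.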

Database Permission Reduction (applies to: all affected versions)

Run the application's database login with the minimum rights its features need: no server-level administrative role, no ownership of other databases, and no access to stored procedures that execute operating-system commands. Injection then remains possible, but it is confined to the application's own data rather than the whole database server or the host.

🧯 If You Can't Patch

  • Put a web application firewall with SQL injection rules in front of the application interface, and tune it against legitimate traffic (directory names containing apostrophes are common and will trip naive rules)
  • Restrict network access to the application interface to trusted administrative IP addresses, and review who holds application logins, since any valid user can attempt the injection

🔍 How to Verify

Check if Vulnerable:

Compare the version shown in the application's Help > About dialog against the affected range 11.0.0.0 through 11.1.25162.01.

Check Version:

Check via application interface: Help > About Netwrix Directory Manager

Verify Fix Applied:

Verify that the version shown under Help > About is 11.1.25162.02 or later. Compare each dot-separated segment as a number rather than as text; a plain string comparison mis-orders a short segment such as 9 against a long one such as 25162.
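Build strings like 11.1.25162.02 are dotted numbers, and a text comparison gets them wrong. The added example below (not from Netwrix; every build string other than the two range endpoints given on this page is made up to illustrate the comparison) checks a string copied from Help > About against the affected range.

```python
"""Added example: decide whether a Directory Manager build reported under
Help > About falls inside the affected range for CVE-2025-54396."""

AFFECTED_FROM = "11.0.0.0"    # first affected build, per the advisory data on this page
FIXED_IN = "11.1.25162.02"    # first fixed build


def parse_version(text: str) -> tuple[int, ...]:
    """Split a dotted build string into integers. Anything that is not purely
    numeric segments is rejected so a garbled About string fails loudly."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def _padded(*versions: str) -> list[tuple[int, ...]]:
    """Parse several strings and right-pad with zeros so 11.1.25162 == 11.1.25162.0."""
    parsed = [parse_version(v) for v in versions]
    width = max(len(p) for p in parsed)
    return [p + (0,) * (width - len(p)) for p in parsed]


def is_vulnerable(installed: str) -> bool:
    """True when AFFECTED_FROM <= installed < FIXED_IN, compared segment by segment."""
    v, lo, fix = _padded(installed, AFFECTED_FROM, FIXED_IN)
    return lo <= v < fix


def naive_is_patched(installed: str) -> bool:
    """The check that is easy to write and wrong: comparing the raw strings.
    A hypothetical '11.1.9.0' sorts after '11.1.25162.02' because '9' > '2' as text."""
    return installed >= FIXED_IN


if __name__ == "__main__":
    # All builds here except the two range endpoints are hypothetical.
    for build in ["11.0.0.0", "11.1.25162.01", "11.1.25162.02", "11.1.9.0", "10.9.5.0", "11.2.0.0"]:
        print(f"{build:<16} vulnerable={is_vulnerable(build)!s:<5} naive_patched={naive_is_patched(build)}")
```

Feed `is_vulnerable` the exact string from the About dialog; it returns False for any build at or above the fix and for any build below 11.0.0.0.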

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in application logs
  • Multiple failed authentication attempts followed by successful login
  • Database error messages containing SQL syntax

Network Indicators:

  • Unusual database connection patterns from application server
  • Large data transfers from database to unexpected destinations

SIEM Query:

source="netwrix-directory-manager" AND (message="*SQL*" OR message="*database error*")

The source and message field names are illustrative; substitute whatever your collector assigns to the Directory Manager application log. Pair each hit with the requesting account and the request parameters, since the vulnerability is only reachable by authenticated users and a hit is only actionable once it is tied to one of them.
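The SIEM query above keys on error text alone. The added example below (not Netwrix code; the key=value log layout and the five log lines are constructed for this example, because this page does not document the product's real log format) runs the same idea plus payload-shape checks over sample lines and attributes every hit to the account that made the request.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed key=value layout. Adapt LINE_RE to the
# real Directory Manager log format, which this page does not describe.
SAMPLE_LOG = """\
2025-08-01T09:58:02Z level=INFO user=jdoe action=search param="name=finance" status=200
2025-08-01T09:58:40Z level=ERROR user=jdoe action=search param="name=finance'" status=500 msg="Unclosed quotation mark after the character string"
2025-08-01T09:59:10Z level=INFO user=jdoe action=search param="name=x' UNION SELECT name,password_hash FROM users--" status=200
2025-08-01T09:59:31Z level=INFO user=jdoe action=search param="name=x';WAITFOR DELAY '0:0:5'--" status=200
2025-08-01T10:01:00Z level=INFO user=asmith action=search param="name=O'Brien" status=200
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) level=(?P<level>\w+) user=(?P<user>\S+) action=(?P<action>\S+) '
    r'param="(?P<param>[^"]*)" status=(?P<status>\d+)(?: msg="(?P<msg>[^"]*)")?$'
)

# Database error text that a broken injected statement commonly produces.
DB_ERROR = re.compile(
    r"unclosed quotation mark|incorrect syntax near|syntax error|"
    r"quoted string not properly terminated",
    re.IGNORECASE,
)

# Payload shapes worth flagging in request parameters. A lone apostrophe is
# deliberately NOT a rule: directory names such as O'Brien are legitimate.
PAYLOAD_RULES = [
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.IGNORECASE)),
    ("stacked-query", re.compile(r";\s*(waitfor|exec|drop|insert|update|delete|shutdown)\b", re.IGNORECASE)),
    ("tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.IGNORECASE)),
    ("comment-terminator", re.compile(r"(--|/\*|#)\s*$")),
]


def scan(log_text: str) -> list[dict]:
    """Return one finding per suspicious line: timestamp, user, parameter and rules hit."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines are skipped here; count them in production
        reasons = []
        if m["msg"] and DB_ERROR.search(m["msg"]):
            reasons.append("db-error")
        reasons += [name for name, rx in PAYLOAD_RULES if rx.search(m["param"])]
        if reasons:
            findings.append({"ts": m["ts"], "user": m["user"], "param": m["param"], "reasons": reasons})
    return findings


def per_user(findings: list[dict]) -> dict[str, int]:
    """Hits per account: the pivot an analyst needs for an authenticated-only bug."""
    return dict(Counter(f["user"] for f in findings))


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(h["ts"], h["user"], ", ".join(h["reasons"]), "<-", h["param"])
    print(per_user(hits))
```

On the sample, the error line, the UNION line and the stacked WAITFOR line are flagged and all resolve to one account, while the O'Brien search is left alone; that single-account clustering is the signal that separates probing from a user who typed an apostrophe.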

🔗 References

  • Netwrix advisory ADV-2025-015 (Netwrix Directory Manager, formerly Imanami GroupID, v11): https://community.netwrix.com/t/adv-2025-015-critical-vulnerabilities-in-netwrix-directory-manager-formerly-imanami-groupid-v11/17192
