CVE-2025-54554
📋 TL;DR
This vulnerability in Tera Insights tiCrypt's tiaudit component allows unauthenticated attackers to make REST API requests that expose sensitive information about SQL queries and database structure. Organizations using tiCrypt before version 2025-07-17 are affected. The exposure could facilitate more sophisticated attacks by revealing internal database architecture.
💻 Affected Systems
- Tera Insights tiCrypt
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could map the entire database schema, identify sensitive tables/columns, and use this information to craft targeted SQL injection attacks or data exfiltration campaigns.
Likely Case
Information disclosure that reveals database structure, potentially exposing sensitive table names, column structures, and query patterns that could aid in further attacks.
If Mitigated
Limited exposure of non-sensitive metadata with proper network segmentation and authentication controls in place.
🎯 Exploit Status
Exploitation requires only unauthenticated HTTP requests to the vulnerable REST endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version from 2025-07-17 onward
Vendor Advisory: https://ticrypt.com/docs/ticrypt-backend/audit/rest
Restart Required: No
Instructions:
1. Update tiCrypt to version 2025-07-17 or later.
2. Verify the tiaudit component properly validates authentication.
3. Test REST API endpoints for proper access controls.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to tiaudit REST API endpoints using firewall rules or network segmentation.
Authentication Enforcement
Configure the tiaudit component to require authentication for all REST API requests.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate tiCrypt systems from untrusted networks
- Deploy a web application firewall (WAF) with rules to block unauthenticated requests to tiaudit endpoints
🔍 How to Verify
Check if Vulnerable:
Attempt an unauthenticated HTTP GET request to the tiaudit REST endpoints (e.g., /api/tiaudit/...) and check whether database structure information is returned.
Check Version:
Check tiCrypt version through admin interface or configuration files
Verify Fix Applied:
Repeat the same unauthenticated requests after patching; they should return authentication errors and no sensitive data.
📡 Detection & Monitoring
Log Indicators:
- Unusual volume of unauthenticated requests to tiaudit endpoints
- Requests to tiaudit API from unexpected IP addresses
Network Indicators:
- HTTP traffic to tiaudit REST endpoints without authentication headers
- Pattern of information-gathering requests to database-related endpoints
SIEM Query:
source="tiCrypt" AND (uri_path="/api/tiaudit" OR uri_path CONTAINS "tiaudit") AND NOT auth_success="true"
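The log indicators above, applied to web-server logs, as an added example (not code from the page or from Tera Insights): it flags requests whose path contains "tiaudit" and that carry no authentication, and raises an alert when one client IP exceeds a volume threshold. The one-line log format, the auth=yes/no field, the endpoint names under /api/tiaudit/ and the sample lines are all constructed for this example.

```python
"""Flag unauthenticated requests to tiaudit REST endpoints in web-server logs."""
import re
from collections import Counter

# Assumed log format (constructed, not tiCrypt's real format):
# <client_ip> <method> <path> <status> auth=<yes|no>
LOG_LINE = re.compile(
    r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) auth=(?P<auth>yes|no)$"
)

# Constructed sample log lines for demonstration only.
SAMPLE_LOG = """\
10.0.0.5 GET /api/tiaudit/queries 200 auth=no
10.0.0.5 GET /api/tiaudit/tables 200 auth=no
10.0.0.5 GET /api/tiaudit/columns 200 auth=no
192.168.1.20 GET /api/tiaudit/queries 200 auth=yes
203.0.113.9 GET /api/files/list 401 auth=no
10.0.0.5 GET /api/tiaudit/schema 200 auth=no
"""


def is_suspicious(fields):
    """Indicator from the advisory: a tiaudit request with no authentication.
    Any status counts; a 200 means data was returned (unpatched), a 401 after
    patching still shows someone probing the endpoint."""
    return "tiaudit" in fields["path"].lower() and fields["auth"] == "no"


def scan_log(text, threshold=3):
    """Return (list of (ip, path, status) hits, dict of IPs at or over threshold)."""
    hits = []
    per_ip = Counter()
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        f = m.groupdict()
        if is_suspicious(f):
            hits.append((f["ip"], f["path"], int(f["status"])))
            per_ip[f["ip"]] += 1
    noisy = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return hits, noisy


if __name__ == "__main__":
    hits, noisy = scan_log(SAMPLE_LOG)
    for ip, path, status in hits:
        print(f"unauthenticated tiaudit request: {ip} {path} -> {status}")
    for ip, n in noisy.items():
        print(f"ALERT: {ip} made {n} unauthenticated tiaudit requests")
```

Adapt LOG_LINE and the auth test to your real access-log format (for example, presence of an Authorization header or a session cookie) before using it in production.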