CVE-2025-56699
📋 TL;DR
An unauthenticated SQL injection vulnerability in Base Digitale Group's Centrax Open PSIM version 6.1 allows attackers to execute arbitrary SQL commands via the sender parameter in the cmd component. This affects organizations using this specific version of the physical security information management software. Attackers could potentially access, modify, or delete database information.
💻 Affected Systems
- Base Digitale Group Centrax Open PSIM
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data manipulation, or complete system takeover through privilege escalation.
Likely Case
Unauthorized data access and potential data exfiltration from the PSIM database.
If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-critical data.
🎯 Exploit Status
Exploitation requires no authentication and uses standard SQL injection techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: Not available
Restart Required: No
Instructions:
Contact Base Digitale Group for patch information and upgrade guidance.
🔧 Temporary Workarounds
Input Validation and Sanitization
allImplement strict input validation and parameterized queries for the sender parameter.
Web Application Firewall
allDeploy WAF with SQL injection protection rules to block malicious requests.
🧯 If You Can't Patch
- Isolate the Centrax PSIM system from untrusted networks
- Implement strict network segmentation and access controls
🔍 How to Verify
Check if Vulnerable:
Check if running Centrax Open PSIM version 6.1 and test sender parameter for SQL injection vulnerabilities.Check Version:
Check application version in admin interface or configuration files.Verify Fix Applied:
Verify version has been updated or test that SQL injection attempts are properly blocked.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts following SQL injection patterns
Network Indicators:
- HTTP requests with SQL syntax in sender parameter
- Unusual database connection patterns
SIEM Query:
search 'sender' AND ('UNION' OR 'SELECT' OR 'INSERT' OR 'DELETE' OR 'UPDATE' OR 'OR 1=1')