CVE-2025-62617

7.2 HIGH

📋 TL;DR

An authenticated SQL injection vulnerability in Admidio's role assignment functionality lets any user who holds role assignment permissions execute arbitrary SQL against the application database. Because the application's database account necessarily reads and writes every Admidio table, this amounts to full database compromise: theft, modification, or deletion of member data. All Admidio installations prior to version 4.3.17 are affected; 4.3.17 contains the fix.

💻 Affected Systems

Products:
  • Admidio
Versions: All versions prior to 4.3.17
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated account that holds the role assignment permission (administrators, plus any role that has been granted that right). The 7.2 score reflects the privileged-user precondition (PR:H), not a reduced impact: confidentiality, integrity and availability are all rated High.

📦 What is this software?

Admidio is a free, open-source membership management web application written in PHP and used by clubs and associations to manage members, roles, events and similar records. It runs on a MySQL/MariaDB or PostgreSQL database, which is why a SQL injection in its role assignment code reaches all of that data.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise: exfiltration of all member data and password hashes, creation or elevation of administrator accounts by writing directly to the role membership tables, and, if the application's database account holds file-write rights (MySQL FILE / SELECT ... INTO OUTFILE), writing a web shell into the document root for server takeover.

🟠

Likely Case

Theft of sensitive member data, self-promotion from a role-assignment account to full administrator, and pivoting to other schemas on the same database server if the application account can reach them.

🟢

If Mitigated

Limited impact if the database account is least-privilege, the database server is segmented from everything except the application host, and role assignment is restricted to a few monitored accounts; even then the injection can still read and alter everything in Admidio's own schema.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection is well understood and generic tooling can drive it once an authenticated session with role assignment permission is available. The only real barrier is obtaining such an account, which is why the score carries a high-privileges requirement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.17

Vendor Advisory: https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33

Restart Required: No for the web server. If PHP OPcache runs with opcache.validate_timestamps=0, reload PHP-FPM (or the Apache PHP module) so the replaced files are actually loaded instead of the cached vulnerable ones.

Instructions:

1. Back up the Admidio program files and the database before touching anything.
2. Download Admidio 4.3.17 or later from the official repository (https://github.com/Admidio/admidio).
3. Replace the existing program files with the patched release, keeping your configuration and data directory (adm_my_files) in place, then run the project's documented update routine so the database version matches the new files.
4. Verify: confirm the admin interface shows 4.3.17 or higher and test role assignment end to end.

🔧 Temporary Workarounds

Database User Permission Restriction

all

Run the application's database account with the least privilege normal operation needs (SELECT, INSERT, UPDATE, DELETE on the Admidio schema) and revoke DDL and routine-execution rights. This does not stop an injection from reading or changing Admidio's own tables, which the account must be able to access, but it blocks schema destruction and, most importantly, the file-write path to server takeover. REVOKE fails with an error for a privilege that was never granted, so check SHOW GRANTS first, and restore DDL rights temporarily when you run the 4.3.17 update, since the update routine may alter tables.

-- MySQL example (adjust database name, account and host to your installation):
SHOW GRANTS FOR 'admidio_user'@'localhost';
REVOKE DROP, CREATE, ALTER, EXECUTE ON admidio.* FROM 'admidio_user'@'localhost';
-- FILE is a global privilege and is what makes SELECT ... INTO OUTFILE possible:
REVOKE FILE ON *.* FROM 'admidio_user'@'localhost';
SHOW GRANTS FOR 'admidio_user'@'localhost';

Network Access Control

linux

Restrict the member and role management endpoints (the scripts under adm_program/modules/ that the SIEM query further down refers to) to trusted source addresses. Admidio has no separate admin URL prefix, so the /admidio/admin path in the original example does not exist; adjust "/admidio" to the path where the application is installed. Restricting the whole installation is the more robust variant if all legitimate users come from known networks.

# Apache 2.4 example (Order/Deny/Allow is 2.2 syntax and only works in 2.4 with mod_access_compat):
<LocationMatch "^/admidio/adm_program/modules/(members|roles)/">
    Require ip 192.168.1.0/24
</LocationMatch>

🧯 If You Can't Patch

  • Immediately reduce the set of accounts holding the role assignment permission to the few administrators who need it, and review that list for stale or shared accounts: this permission is the only precondition the attacker needs.
  • Put a web application firewall (WAF) with SQL injection rules in front of the application, but treat it as a speed bump: the attacker is an authenticated, privileged user, and encoded or POST-submitted payloads evade naive pattern rules.
  • Enable request logging that captures the parameters sent to the members and roles endpoints (for example a ModSecurity audit log) so that exploitation attempts are at least visible.

🔍 How to Verify

Check if Vulnerable:

Check the Admidio version in the admin interface, or read the version constants from version.php inside the installation directory. Anything below 4.3.17 is vulnerable. Compare versions numerically, component by component: as plain strings "4.3.9" sorts after "4.3.17".

Check Version:

grep -r 'ADMIDIO_VERSION' /path/to/admidio/version.php

Verify Fix Applied:

Confirm the version shown in the admin interface is 4.3.17 or higher, and test role assignment end to end to make sure the update completed without errors.
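An added example (not code from this page or from the Admidio project) that turns the version check into a script: it parses the version constants out of version.php and compares them numerically against 4.3.17. The define() names ADMIDIO_VERSION_MAIN/MINOR/PATCH and the alternative literal form define('ADMIDIO_VERSION', '4.3.16') are assumptions about the file's layout, and the sample file contents are constructed; verify against the real file in your installation.

```python
import re
import sys
from typing import Optional, Tuple

FIXED_VERSION = (4, 3, 17)  # first Admidio release containing the fix for CVE-2025-62617

# Constructed stand-in for an installation's version.php. The split
# ADMIDIO_VERSION_MAIN/MINOR/PATCH constants are an assumption about the
# file's layout; check the real file before relying on this parser.
SAMPLE_VERSION_PHP = """<?php
define('ADMIDIO_VERSION_MAIN', 4);
define('ADMIDIO_VERSION_MINOR', 3);
define('ADMIDIO_VERSION_PATCH', 9);
define('ADMIDIO_VERSION', ADMIDIO_VERSION_MAIN . '.' . ADMIDIO_VERSION_MINOR . '.' . ADMIDIO_VERSION_PATCH);
"""

Version = Tuple[int, int, int]


def parse_version(php_source: str) -> Optional[Version]:
    """Return (major, minor, patch) from version.php text, or None if not found.

    Tries the split-constant layout first, then a literal dotted string such as
    define('ADMIDIO_VERSION', '4.3.16'). Returning None instead of guessing keeps
    an unparseable file from being reported as patched.
    """
    parts = {}
    for name in ("MAIN", "MINOR", "PATCH"):
        m = re.search(r"define\('ADMIDIO_VERSION_%s',\s*(\d+)\s*\)" % name, php_source)
        if m:
            parts[name] = int(m.group(1))
    if len(parts) == 3:
        return (parts["MAIN"], parts["MINOR"], parts["PATCH"])
    m = re.search(r"define\('ADMIDIO_VERSION',\s*'(\d+)\.(\d+)\.(\d+)", php_source)
    if m:
        return (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return None


def is_vulnerable(version: Version) -> bool:
    # Tuples compare component by component as integers, so 4.3.9 < 4.3.17.
    # A string comparison gets this backwards: "4.3.9" > "4.3.17".
    return version < FIXED_VERSION


def check_source(php_source: str) -> str:
    """One-line verdict for the given version.php contents."""
    version = parse_version(php_source)
    if version is None:
        return "UNKNOWN: no ADMIDIO_VERSION constants found"
    state = "VULNERABLE" if is_vulnerable(version) else "PATCHED"
    return "%s: Admidio %d.%d.%d (fix: %d.%d.%d)" % ((state,) + version + FIXED_VERSION)


def check_file(path: str) -> str:
    with open(path, encoding="utf-8") as fh:
        return check_source(fh.read())


if __name__ == "__main__":
    # Usage: python check_admidio.py /path/to/admidio/version.php
    # Without an argument it evaluates the constructed sample above.
    print(check_file(sys.argv[1]) if len(sys.argv) > 1 else check_source(SAMPLE_VERSION_PHP))
```

Point the script at the version.php that the grep above finds; an UNKNOWN result means the file layout differs from the assumed one and should be read by hand rather than trusted as patched.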

📡 Detection & Monitoring

Log Indicators:

  • SQL statements in the database logs (general or slow query log, both off by default) containing UNION SELECT, information_schema, SLEEP() or BENCHMARK() and originating from the Admidio database account
  • Multiple failed login attempts followed by role assignment activity from the same account or source address
  • Unexpected database schema changes, new files in the web root, or new administrator role memberships that match no change record

Network Indicators:

  • SQL injection patterns in HTTP requests to role assignment endpoints
  • Unusual database connection patterns from application server

SIEM Query (Splunk-style; it matches the raw query string, so it misses URL-encoded and POST-submitted payloads and is only as good as the fields your web-log sourcetype extracts):

source="web_logs" AND (uri_path="*/adm_program/modules/members/members_function.php" OR uri_path="*/adm_program/modules/roles/roles_function.php") AND (query_string="*sql*" OR query_string="*union*" OR query_string="*select*" OR query_string="*insert*")
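An added example, not from this page or the Admidio project, that applies the same idea as the SIEM query to Apache combined-format access lines but closes its gaps: it URL-decodes the query string (repeatedly, to catch double encoding), matches case-insensitively with word boundaries, and flags POSTs to the two endpoints because the access log cannot show their bodies. The log lines, addresses and parameter names (mode, rol_id, usr_id) are constructed for the example, not taken from Admidio.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote_plus, urlsplit

# Endpoints from the SIEM query; suffix match so the install prefix does not matter.
WATCHED_PATHS = (
    "/adm_program/modules/members/members_function.php",
    "/adm_program/modules/roles/roles_function.php",
)

# Applied after URL-decoding and case-folding, so UNION, UnIoN and %55NION all
# hit. Word boundaries stop "selected=1" from firing on "select".
SQLI_TOKENS = re.compile(
    r"\b(union|select|insert|sleep|benchmark|information_schema)\b"
    r"|'\s*(or|and)\b|--|/\*",
    re.IGNORECASE,
)

# Apache/NCSA combined format: ip ident user [time] "method target proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log. Addresses are documentation ranges; parameter names
# are illustrative. Line 4 is double-encoded (%2520), line 5 is a POST.
SAMPLE_LOG = """\
198.51.100.4 - alice [12/Nov/2025:10:01:02 +0000] "GET /admidio/adm_program/modules/roles/roles_function.php?mode=2&rol_id=5 HTTP/1.1" 200 512
203.0.113.7 - bob [12/Nov/2025:10:02:17 +0000] "GET /admidio/adm_program/modules/members/members_function.php?mode=4&usr_id=7%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 500 231
198.51.100.4 - alice [12/Nov/2025:10:03:40 +0000] "GET /admidio/adm_program/modules/profile/profile.php?mode=1 HTTP/1.1" 200 4096
203.0.113.7 - bob [12/Nov/2025:10:04:05 +0000] "GET /admidio/adm_program/modules/roles/roles_function.php?mode=2&rol_id=5%2520aNd%2520sLeEp(5) HTTP/1.1" 200 512
203.0.113.7 - bob [12/Nov/2025:10:05:11 +0000] "POST /admidio/adm_program/modules/roles/roles_function.php HTTP/1.1" 302 0
"""


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyse_line(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for one access-log line, or None if nothing is suspicious."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith(WATCHED_PATHS):
        return None
    base = {"ip": m.group("ip"), "user": m.group("user"), "time": m.group("time"),
            "method": m.group("method"), "path": url.path}
    if m.group("method") == "POST":
        # Parameters travel in the body, which the access log never records.
        # Surface the event so the body can be pulled from a WAF or
        # ModSecurity audit log instead of silently passing it.
        return dict(base, kind="post_needs_body_inspection", evidence="")
    hit = SQLI_TOKENS.search(decode_fully(url.query))
    if hit is None:
        return None
    return dict(base, kind="sqli_pattern", evidence=hit.group(0))


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run analyse_line over a log and keep only the findings."""
    return [f for f in (analyse_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print("%(kind)s %(ip)s %(user)s %(method)s %(path)s %(evidence)r" % finding)
```

On the sample the benign GET and the profile request are ignored, the encoded UNION and the double-encoded sLeEp() are both reported, and the POST is surfaced for body inspection. Feed real lines from the Apache access log (or a WAF audit log, which does carry POST bodies) and pivot on the user and source address of each finding.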

🔗 References

  • Vendor advisory (GitHub Security Advisory): https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33
