CVE-2025-63624

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Shandong Kede Electronics' IoT smart water meter monitoring platform allows remote attackers to execute arbitrary SQL commands through the imei_list.aspx file. Attackers can potentially gain unauthorized access, manipulate data, or execute arbitrary code on affected systems. Organizations using version 1.0 of this platform are at risk.

💻 Affected Systems

Products:
  • Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform
Versions: v1.0
Operating Systems: Windows Server (likely)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component, specifically through the imei_list.aspx file. Requires the platform to be deployed and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing attacker to execute arbitrary code, steal sensitive data, manipulate water meter readings, and pivot to other network systems.

🟠 Likely Case: Data exfiltration, unauthorized access to monitoring data, potential manipulation of water meter readings and billing information.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public GitHub repository contains exploit details. SQL injection vulnerabilities are commonly weaponized due to their prevalence and impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Contact vendor for updated version or implement workarounds.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy WAF with SQL injection rules to block malicious requests

Network Segmentation

all

Isolate the monitoring platform from internet and restrict access to authorized networks only

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in the imei_list.aspx file
  • Disable or restrict access to the vulnerable endpoint if not essential for operations

🔍 How to Verify

Check if Vulnerable:

Test the imei_list.aspx endpoint with SQL injection payloads, or check whether the platform is running version 1.0

Check Version:

Check platform documentation or web interface for version information

Verify Fix Applied:

Verify that SQL injection attempts are blocked and proper input validation is implemented

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed login attempts
  • Suspicious requests to imei_list.aspx

Network Indicators:

  • SQL injection patterns in HTTP requests
  • Unusual outbound database connections

SIEM Query:

source="web_logs" AND (uri="*imei_list.aspx*" AND (payload="*' OR *" OR payload="*;--*" OR payload="*UNION*"))
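
The SIEM query above matches literal text, so it can miss requests where the query string is logged URL-encoded (for example %27 instead of '). The following is an added example, not part of the original advisory or the vendor's code: it scans IIS W3C-style log lines for requests to imei_list.aspx, decodes the query string (including double encoding), and applies the same three patterns. The log layout, the "id" parameter name and every sample value are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

TARGET = "imei_list.aspx"  # page named in the advisory
# Same three patterns as the SIEM query: ' OR, ;--, UNION
PATTERNS = {
    "quote-or": re.compile(r"'\s*or\b", re.I),
    "semicolon-comment": re.compile(r";\s*--"),
    "union": re.compile(r"\bunion\b", re.I),
}

# Constructed IIS W3C-style sample; the "id" parameter and all values are made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-01-01 10:00:00 GET /imei_list.aspx id=123 192.0.2.10 200
2025-01-01 10:00:05 GET /imei_list.aspx id=1%27+OR+1 198.51.100.7 200
2025-01-01 10:00:09 GET /imei_list.aspx id=1%2527%2520UNION%2520x 198.51.100.7 500
2025-01-01 10:00:12 GET /login.aspx user=o%27or 192.0.2.11 200
"""

def decode(value, rounds=2):
    """URL-decode up to `rounds` times so %27 and %2527 both become '."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (client_ip, uri_stem, decoded_query, matched_pattern_names) per hit."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared per log file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        stem = row.get("cs-uri-stem", "")
        if not stem.lower().endswith(TARGET):
            continue  # only the endpoint named in the advisory
        query = decode(row.get("cs-uri-query", "-"))
        matched = [name for name, rx in PATTERNS.items() if rx.search(query)]
        if matched:
            hits.append((row.get("c-ip", "?"), stem, query, matched))
    return hits
```

Calling scan(SAMPLE_LOG.splitlines()) flags the two encoded requests and leaves the benign imei_list.aspx request and the unrelated login.aspx line alone.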