CVE-2025-64084

5.4 MEDIUM

📋 TL;DR

Cloudlog 2.7.5 and earlier contains a SQL injection vulnerability that lets an authenticated user execute arbitrary SQL commands. The vucc_details_ajax function does not sanitize the user-supplied Gridsquare POST parameter before concatenating it into a raw SQL query. Authentication is required to exploit this vulnerability.

💻 Affected Systems

Products:
  • Cloudlog
Versions: 2.7.5 and earlier
Operating Systems: All operating systems running Cloudlog
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Cloudlog 2.7.5 and earlier are vulnerable regardless of configuration. Authentication is required to exploit this vulnerability.

📦 What is this software?

Cloudlog is a web-based amateur radio logbook application written in PHP. Gridsquare values are Maidenhead locators, which Cloudlog uses for grid-based award tracking such as VUCC.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data exfiltration, modification, or deletion; potential privilege escalation to administrative access; and possible remote code execution if database functions allow it.

🟠 Likely Case

Unauthorized data access and extraction of sensitive information from the Cloudlog database, including user credentials, logs, and configuration data.

🟢 If Mitigated

Limited impact: proper input validation and parameterized queries prevent SQL injection, and authenticated access is still required for exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the Cloudlog application. The vulnerability is in a specific function (vucc_details_ajax) that handles Gridsquare parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.6

Vendor Advisory: https://github.com/XY20130630/Cloudlog/security/advisories/GHSA-4r9r-3r3q-jg44

Restart Required: No

Instructions:

1. Backup your Cloudlog installation and database.
2. Download Cloudlog 2.7.6 from the official GitHub repository.
3. Replace the affected files with the patched versions.
4. Verify the fix by checking that the vucc_details_ajax function now properly sanitizes input.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Implement custom input validation for Gridsquare parameters to reject suspicious characters.

Add input validation in application/controllers/Awards.php before processing Gridsquare parameters.

WAF Rule

Applies to: all

Deploy web application firewall rules to block SQL injection patterns in POST requests.

Configure the WAF to detect and block SQL injection patterns in POST parameters.
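The following is an added example of the input-validation workaround above; it is not Cloudlog's code and is not the vendor's fix. It assumes a PDO connection, a hypothetical awards_grids table, and that vucc_details_ajax receives one Maidenhead locator per request. It shows the raw-concatenation pattern the advisory describes beside a hardened version that rejects anything that is not a locator and binds the value as a query parameter.

```php
<?php
// Added example, not Cloudlog's own code. Assumptions: a PDO handle, a
// hypothetical table awards_grids(callsign, band, gridsquare), and a single
// Maidenhead locator per Gridsquare POST parameter.
declare(strict_types=1);

// Maidenhead locator: field (AA-RR), square (00-99), optional subsquare (AA-XX),
// optional extended square (00-99). Anything else is rejected before it
// reaches the database layer.
const GRIDSQUARE_RE = '/^[A-R]{2}[0-9]{2}(?:[A-X]{2}(?:[0-9]{2})?)?$/i';

function isValidGridsquare(string $grid): bool
{
    return preg_match(GRIDSQUARE_RE, $grid) === 1;
}

// Returns the trimmed, upper-cased locator, or null when the value must be rejected.
function sanitizeGridsquareParam(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $grid = strtoupper(trim($raw));
    return isValidGridsquare($grid) ? $grid : null;
}

// Vulnerable pattern (the behaviour the advisory describes): the parameter is
// concatenated straight into the SQL string, so quote characters change the query.
function vulnerableQuery(PDO $pdo, string $grid): array
{
    $sql = "SELECT callsign, band FROM awards_grids WHERE gridsquare = '" . $grid . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate first, then bind the value as a parameter.
// Returns null when the input was rejected (a controller would answer HTTP 400).
function hardenedQuery(PDO $pdo, ?string $rawGrid): ?array
{
    $grid = sanitizeGridsquareParam($rawGrid);
    if ($grid === null) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT callsign, band FROM awards_grids WHERE gridsquare = :grid');
    $stmt->execute([':grid' => $grid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demo on an in-memory SQLite database with constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE awards_grids (callsign TEXT, band TEXT, gridsquare TEXT)');
$pdo->exec("INSERT INTO awards_grids VALUES ('N0CALL', '2m', 'JO22'), ('W1AW', '70cm', 'FN31')");

// Constructed inputs: two well-formed locators and two values carrying the
// characters the detection section flags (a quote and a semicolon).
foreach (['JO22', 'jo22ab', "JO22'", 'FN31; SELECT 1'] as $input) {
    $rows = hardenedQuery($pdo, $input);
    printf("%-24s -> %s\n", var_export($input, true),
        $rows === null ? 'rejected' : count($rows) . ' row(s)');
}
```

The validation step is the workaround; the prepared statement is what the permanent fix should look like, because a bound parameter is never parsed as SQL regardless of its contents. If your deployment sends several locators in one request, extend the validator to split on the delimiter and check each element rather than loosening the pattern.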

🧯 If You Can't Patch

  • Implement strict input validation for all user-supplied parameters in the Awards controller
  • Restrict database user permissions to minimize potential damage from successful exploitation

🔍 How to Verify

Check if Vulnerable:

Check if your Cloudlog version is 2.7.5 or earlier by examining the version file or checking the application interface

Check Version:

Check the version.txt file or application configuration for version information

Verify Fix Applied:

Verify that the application/controllers/Awards.php file contains the fix from commit 72a8c3d705c8629f60f64da9f37968417c980242

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts followed by successful login and SQL injection patterns
  • Abnormal POST requests to vucc_details_ajax endpoint with SQL syntax

Network Indicators:

  • SQL injection patterns in POST parameters to Cloudlog endpoints
  • Unusual database connection patterns from Cloudlog application

SIEM Query:

source="cloudlog_logs" AND (POST_parameter="Gridsquare" AND (CONTAINS("'") OR CONTAINS(";") OR CONTAINS("UNION") OR CONTAINS("SELECT")))
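The SIEM query above can be applied offline to exported request logs. The block below is an added example, not part of the advisory and not a Cloudlog component; the log line format is constructed for this example (timestamp, client IP, user, method, path, URL-encoded body), and the field names are assumptions. It flags POST requests to the vucc_details_ajax endpoint whose Gridsquare parameter contains the tokens the query lists, and additionally flags values that are not a Maidenhead locator at all, which catches variants the token list misses.

```php
<?php
// Added example, not from the advisory or Cloudlog. Requires PHP 8 (str_contains).
// Constructed log format, one request per line:
//   <timestamp> <client-ip> <user> <method> <path> <urlencoded-body>
declare(strict_types=1);

const SUSPECT_TOKENS = ["'", ';', 'UNION', 'SELECT'];
const GRIDSQUARE_RE = '/^[A-R]{2}[0-9]{2}(?:[A-X]{2}(?:[0-9]{2})?)?$/i';

function parseLogLine(string $line): ?array
{
    $parts = preg_split('/\s+/', trim($line), 6);
    if ($parts === false || count($parts) < 6) {
        return null;
    }
    [$ts, $ip, $user, $method, $path, $body] = $parts;
    parse_str($body, $params); // decodes the URL-encoded POST body into an array
    return compact('ts', 'ip', 'user', 'method', 'path', 'params');
}

// Returns one record per suspicious request: who sent it, the raw Gridsquare
// value, and the reasons it was flagged.
function findSuspiciousGridsquareRequests(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $req = parseLogLine($line);
        if ($req === null || $req['method'] !== 'POST' || !str_contains($req['path'], 'vucc_details_ajax')) {
            continue;
        }
        $grid = $req['params']['Gridsquare'] ?? null;
        if (!is_string($grid)) {
            continue;
        }
        $reasons = [];
        foreach (SUSPECT_TOKENS as $token) {
            if (stripos($grid, $token) !== false) {
                $reasons[] = 'contains ' . $token;
            }
        }
        if (preg_match(GRIDSQUARE_RE, $grid) !== 1) {
            $reasons[] = 'not a Maidenhead locator';
        }
        if ($reasons !== []) {
            $hits[] = [
                'ts' => $req['ts'], 'ip' => $req['ip'], 'user' => $req['user'],
                'gridsquare' => $grid, 'reasons' => $reasons,
            ];
        }
    }
    return $hits;
}

// Constructed sample lines: two normal lookups, one with a quote in the
// parameter, one with a semicolon and a SQL keyword, one unrelated endpoint.
$sampleLog = [
    '2025-11-05T10:12:03Z 203.0.113.7 op1 POST /index.php/awards/vucc_details_ajax Gridsquare=JO22&band=2m',
    '2025-11-05T10:12:09Z 203.0.113.7 op1 POST /index.php/awards/vucc_details_ajax Gridsquare=FN31ab&band=70cm',
    '2025-11-05T10:14:41Z 198.51.100.5 op2 POST /index.php/awards/vucc_details_ajax Gridsquare=JO22%27&band=2m',
    '2025-11-05T10:14:52Z 198.51.100.5 op2 POST /index.php/awards/vucc_details_ajax Gridsquare=JO22%3B+SELECT+1&band=2m',
    '2025-11-05T10:15:00Z 203.0.113.7 op1 GET  /index.php/awards/vucc_details_ajax Gridsquare=JO22',
];

foreach (findSuspiciousGridsquareRequests($sampleLog) as $hit) {
    printf("%s %s user=%s Gridsquare=%s (%s)\n",
        $hit['ts'], $hit['ip'], $hit['user'], $hit['gridsquare'], implode(', ', $hit['reasons']));
}
```

Run against your own export after mapping the fields to your log format. Pair the hits with the authentication log so that, as the indicators above suggest, a burst of failed logins followed by a successful one and flagged requests from the same account stands out; the locator-format check will also fire on benign multi-grid inputs if your deployment sends several locators per request, so tune it to match actual usage before alerting on it.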

🔗 References

Vendor advisory: https://github.com/XY20130630/Cloudlog/security/advisories/GHSA-4r9r-3r3q-jg44