CVE-2025-64092

7.5 HIGH

📋 TL;DR

CVE-2025-64092 is an unauthenticated SQL injection in Zenitel products: values supplied in GET request parameters are passed into SQL queries, so anyone who can reach the device's web interface can query the underlying database without logging in. The exposure is the web interface itself, and it applies wherever that interface is reachable.

💻 Affected Systems

Products:
  • Zenitel products (specific models not detailed in provided reference)
Versions: Not specified in provided reference
Operating Systems: Embedded systems running Zenitel software
Default Config Vulnerable: ⚠️ Yes
Notes: Based on the advisory, this affects Zenitel products whose web interfaces build SQL queries from GET parameters without parameterization or input validation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: data exfiltration, data manipulation, authentication bypass and, depending on the database engine and the privileges of the account the web interface uses, code execution through database functions or file-write primitives.

🟠 Likely Case

Data theft from the device database, including credentials, configuration data and user information, using standard SQL injection tooling against the exposed GET parameter.

🟢 If Mitigated

Parameterized queries remove the injection entirely. Where only compensating controls are in place (a least-privilege database account, input filtering, a WAF), impact is reduced to read-only queries against whatever tables that account can still reach.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation makes this extremely dangerous for internet-facing systems.
🏢 Internal Only: MEDIUM - Still significant risk from internal threats or compromised internal systems.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection reachable through a GET parameter is typically straightforward to exploit: the request is a single URL with no session or token to obtain first, so once a vulnerable parameter is identified, common SQL injection tools can enumerate and dump the database.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided reference

Vendor Advisory: https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf

Restart Required: Yes

Instructions:

1. Review the Zenitel security advisory linked above.
2. Identify the affected products and versions in your estate.
3. Apply the vendor-provided patches.
4. Restart affected systems.
5. Verify the fix (see How to Verify below).

🔧 Temporary Workarounds

Input Validation: Web Application Firewall
Applies to: all

Deploy a WAF in front of the device's web interface with SQL injection rules that inspect decoded GET parameters. This reduces exposure but does not remove the flaw; treat it as a stopgap until the vendor patch is applied.

Network Segmentation
Applies to: all

Restrict access to Zenitel web interfaces to trusted management networks only; do not expose them to the internet.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy database monitoring to detect SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

On devices you are authorized to test, send non-destructive differential probes (an always-true and an always-false condition appended to a known-good GET parameter value) and compare the responses with a baseline request. A parameter that is bound correctly returns the same result for both probes; a vulnerable one reproduces the baseline for the true case and changes for the false case. Avoid destructive or time-based payloads against production intercom and PA systems.

Check Version:

Check the product version via the web interface or device management interface and compare it against the versions listed in the vendor advisory.

Verify Fix Applied:

Retest with the same probes after patching: the true and false cases should no longer diverge from each other, and no database error text should appear in responses. A WAF that merely blocks the request is not proof of a fix; the patched code should treat the payload as an ordinary literal value.
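The following is an added example, not Zenitel's code or anything from the advisory. It shows the anti-pattern behind this class of bug (a GET parameter spliced into SQL text) beside its parameterized fix, and the boolean differential probe from the verification steps above, which tells the two apart without destructive payloads. The endpoint `http://device.example/search`, the parameter name `user`, the `users` table and the sample rows are all assumptions; the HTTP layer is simulated by calling the handlers directly over an in-memory SQLite database, and a real test would pass an HTTP GET wrapper as `fetch`. Use a value you know exists as the known-good baseline; with a value that matches nothing, both probes return nothing and the divergence cannot be observed.

```python
import sqlite3
from urllib.parse import parse_qs, quote, urlsplit


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the device's local database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "s3cr3t"), (2, "guest", "guest")])
    return conn


def _param(url: str, name: str) -> str:
    """Return the first value of a GET parameter, URL-decoded, or ''."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def vulnerable_handler(conn: sqlite3.Connection, url: str) -> str:
    """Anti-pattern: the decoded GET parameter is spliced into the SQL text."""
    name = _param(url, "user")
    try:
        rows = conn.execute(
            "SELECT id, name FROM users WHERE name = '%s'" % name).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc      # also leaks engine errors to the client
    return "\n".join("%d:%s" % row for row in rows)


def fixed_handler(conn: sqlite3.Connection, url: str) -> str:
    """Fix: bind the value as a parameter; the driver never parses it as SQL."""
    name = _param(url, "user")
    rows = conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()
    return "\n".join("%d:%s" % row for row in rows)


def boolean_probe(fetch, base_url: str, param: str, known_value: str) -> bool:
    """Differential test of one GET parameter. `fetch(url) -> str` is supplied
    by the caller. An always-true and an always-false condition are appended
    to a known-good value. If the true case reproduces the baseline while the
    false case changes it, the value is being evaluated as SQL. A correctly
    bound parameter treats both probes as literal text, so neither matches."""
    def get(value: str) -> str:
        return fetch("%s?%s=%s" % (base_url, param, quote(value, safe="")))

    baseline = get(known_value)
    true_case = get(known_value + "' AND '1'='1")
    false_case = get(known_value + "' AND '1'='2")
    return true_case == baseline and false_case != baseline


def demo() -> dict:
    """Run the probe against both handlers over the simulated transport."""
    conn = make_db()
    base = "http://device.example/search"    # hypothetical endpoint
    results = {}
    for label, handler in (("vulnerable", vulnerable_handler),
                           ("fixed", fixed_handler)):
        results[label] = boolean_probe(
            lambda url, h=handler: h(conn, url), base, "user", "admin")
    return results


if __name__ == "__main__":
    print(demo())    # {'vulnerable': True, 'fixed': False}
```

The probe deliberately avoids `UNION`, stacked queries and `sleep()`: on an intercom or PA controller a time-based probe ties up the request handler, and a stacked query can alter state. The true/false pair changes nothing and is enough to confirm both the bug and the fix.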

📡 Detection & Monitoring

Log Indicators:

  • Database error text in web server responses or logs (syntax errors, unterminated string literals)
  • Requests with SQL syntax (a quote followed by OR/AND, UNION SELECT, comment terminators) in decoded GET parameters
  • Bursts of requests to the same endpoint from one source with varying parameter values, typical of automated injection tooling; because no authentication is required, these may arrive with no preceding login activity

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, INSERT, etc.) in URL parameters, including their URL-encoded forms
  • Abnormally large or slow responses from the device's web interface (bulk data extraction, time-based probes)

SIEM Query:

web.url:*SELECT* OR web.url:*UNION* OR web.url:*INSERT* OR web.url:*DELETE*

This keyword match is a starting point only. It is case-sensitive in many backends, it misses URL-encoded payloads (a tautology such as %27%20OR%20%271%27%3D%271 contains none of those words), and it fires on ordinary values such as "selection" or "deleted". Decode the query string before matching and alert on SQL syntax rather than bare words.
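As an added example (not part of the original page or any vendor tooling), here is the decoded, syntax-based matching described above run over a few constructed web server log lines. It assumes combined log format and a `/search?user=` endpoint, both hypothetical; the benign lines contain the words "selection" and "deleted", which a bare keyword query would flag, and the malicious lines are URL-encoded, which a bare keyword query would miss.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Combined log format (assumed); only the request target is needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)')

# Applied to each lower-cased, decoded parameter value. Each pattern is a
# piece of SQL syntax, not an English word, to keep false positives down.
SQLI_PATTERNS = [
    (re.compile(r"'\s*(or|and)\s+'?\d+'?\s*=\s*'?\d+"), "tautology"),
    (re.compile(r"\bunion\b\s+(all\s+)?select\b"), "union select"),
    (re.compile(r"(--|/\*)"), "comment terminator"),
    (re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b"), "time-based"),
    (re.compile(r"\b(information_schema|sqlite_master)\b"), "schema probe"),
    (re.compile(r";\s*(drop|insert|update|delete)\b"), "stacked query"),
]


def decode_params(target: str) -> list:
    """Split the query string and decode each value. parse_qsl decodes once;
    the extra unquote_plus catches %2527-style double encoding that a match
    on the raw URL never sees."""
    query = urlsplit(target).query
    return [(k, unquote_plus(v))
            for k, v in parse_qsl(query, keep_blank_values=True)]


def score_line(line: str):
    """Return {'ip', 'status', 'hits'} for one log line, or None if it does
    not parse. hits is a list of (parameter name, pattern label) pairs."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = []
    for name, value in decode_params(m.group("target")):
        low = value.lower()
        for pattern, label in SQLI_PATTERNS:
            if pattern.search(low):
                hits.append((name, label))
    return {"ip": m.group("ip"), "status": m.group("status"), "hits": hits}


def alerts_by_ip(lines) -> dict:
    """Count flagged requests per client; a burst from one source is the
    automated-tooling indicator listed above."""
    counts = {}
    for line in lines:
        scored = score_line(line)
        if scored and scored["hits"]:
            counts[scored["ip"]] = counts.get(scored["ip"], 0) + 1
    return counts


# Constructed sample lines: two benign requests, three injection attempts.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /search?user=selection&page=1 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2025:10:00:02 +0000] "GET /status?filter=deleted HTTP/1.1" 200 210',
    '203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /search?user=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9870',
    '203.0.113.9 - - [01/Jan/2025:10:00:04 +0000] "GET /search?user=x%27+UNION+SELECT+name,secret+FROM+users-- HTTP/1.1" 500 143',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /search?user=x%27%20AND%20sleep(5)-- HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(score_line(line))
    print(alerts_by_ip(SAMPLE_LOGS))    # {'203.0.113.9': 3}
```

The 500 status on the UNION line is the "SQL error messages" indicator from the list above showing up in the status column; pairing a hit with a 5xx response, or with a response size far above the endpoint's norm (the 9870-byte tautology response), is a useful way to rank alerts.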
