CVE-2025-67082

6.5 MEDIUM

📋 TL;DR

An authenticated SQL injection vulnerability in InvoicePlane allows attackers to extract arbitrary data from the database by manipulating report generation parameters. This affects all InvoicePlane installations up to and including version 1.6.3, and is reachable by any user who holds report generation privileges.

💻 Affected Systems

Products:
  • InvoicePlane
Versions: through 1.6.3
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access with report generation permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including sensitive financial data, client information, and authentication credentials leading to full system takeover.

🟠 Likely Case

Extraction of invoice data, client records, and potentially user credentials from the database.

🟢 If Mitigated

Limited data exposure if database permissions are properly segmented and sensitive data is encrypted.

🌐 Internet-Facing: HIGH if the application is publicly accessible, as authenticated users can exploit it remotely.
🏢 Internal Only: MEDIUM as it requires authenticated access, but internal users with malicious intent could exploit it.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Error-based SQL injection with clear parameter manipulation; requires authenticated access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.4 or later

Vendor Advisory: https://github.com/InvoicePlane/InvoicePlane

Restart Required: No

Instructions:

1. Backup your InvoicePlane installation and database.
2. Download the latest version from GitHub.
3. Replace the existing files with the patched version.
4. Clear application cache if applicable.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Add server-side validation to reject non-numeric values in the maxQuantity and minQuantity parameters.

Modify the report generation code to validate these parameters as integers before processing.

WAF Rule

Applies to: all

Implement web application firewall rules to block SQL injection patterns in report parameters.

Add a WAF rule to detect and block SQL keywords in the maxQuantity and minQuantity parameters.

🧯 If You Can't Patch

  • Restrict report generation permissions to only essential users
  • Implement database-level controls to limit query execution and segregate sensitive data

🔍 How to Verify

Check if Vulnerable:

Check if InvoicePlane version is 1.6.3 or earlier and test report generation with SQL injection payloads in quantity parameters

Check Version:

Check the version number in the InvoicePlane admin interface or application files

Verify Fix Applied:

Verify installation is version 1.6.4 or later and test that SQL injection attempts in quantity parameters are properly rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed report generation attempts with unusual parameters

Network Indicators:

  • HTTP requests containing SQL keywords in maxQuantity or minQuantity parameters

SIEM Query:

source="web_logs" AND (uri_query="*maxQuantity=*'*" OR uri_query="*minQuantity=*'*")
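As an added example (not code from this page or from the InvoicePlane project), the Python below scans constructed web-log lines for report requests whose maxQuantity or minQuantity value is not a plain integer. It URL-decodes the query first, so an encoded quote (%27) is caught as well as the literal quote that the SIEM query above matches; the request path, usernames and client addresses are assumed.

```python
"""Flag InvoicePlane report requests with non-integer quantity parameters (CVE-2025-67082)."""
import re
from urllib.parse import parse_qs, urlsplit

WATCHED_PARAMS = ("maxQuantity", "minQuantity")
INTEGER_ONLY = re.compile(r"^\d+$")  # the workaround: quantities must be plain integers

# Constructed sample log lines; the /reports/products path and clients are hypothetical.
SAMPLE_LOG = """\
10.0.0.5 - alice [10/Jan/2025:10:00:01 +0000] "POST /reports/products?maxQuantity=100&minQuantity=1 HTTP/1.1" 200 4312
10.0.0.7 - bob [10/Jan/2025:10:00:09 +0000] "POST /reports/products?maxQuantity=100' HTTP/1.1" 500 812
10.0.0.7 - bob [10/Jan/2025:10:00:12 +0000] "POST /reports/products?maxQuantity=100%27&minQuantity=1 HTTP/1.1" 500 812
10.0.0.9 - carol [10/Jan/2025:10:01:30 +0000] "GET /invoices HTTP/1.1" 200 2210
"""

# Combined-log-format style: client, ident, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_params(target):
    """Return {param: decoded_value} for watched params whose value is not an integer."""
    found = {}
    # parse_qs percent-decodes values, so '100%27' becomes "100'" before the check.
    for name, values in parse_qs(urlsplit(target).query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            if not INTEGER_ONLY.match(value.strip()):
                found[name] = value
    return found


def scan_log(text):
    """Return (client, user, status, bad_params) for every request with a suspicious quantity."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not look like access-log entries
        bad = suspicious_params(m.group("target"))
        if bad:
            hits.append((m.group("client"), m.group("user"), int(m.group("status")), bad))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Pairing a flagged request with a 500 response, as in the sample, matches the "unusual SQL error messages" log indicator listed above.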
