CVE-2025-7888

6.3 MEDIUM

📋 TL;DR

This SQL injection vulnerability in TDuckCloud tduck-platform 5.1 lets a remote attacker inject SQL through the formKey parameter handled by the UserFormDataMapper component, with the usual consequences for the application database: disclosure, modification or deletion of stored data. The vendor was contacted about the disclosure but did not respond, and a public exploit has been released. Note that the 6.3 MEDIUM score above does not describe a "critical" issue; see the exploit-status caveat below before treating it as unauthenticated.

💻 Affected Systems

Products:
  • TDuckCloud tduck-platform
Versions: 5.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 5.1 are affected. The vulnerability is in the UserFormDataMapper component, the MyBatis data-access mapper that reads and writes submitted form data, and is triggered through the formKey parameter it receives.

📦 What is this software?

tduck-platform (TDuck, 填鸭表单) is an open-source online form, survey and questionnaire builder published by TDuckCloud. The backend is Java (Spring Boot with MyBatis-Plus for database access) and the front end is Vue. It is commonly self-hosted, and the form-submission and form-data endpoints it exposes are the ones that receive the formKey parameter.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the application database: bulk exfiltration of submitted form data and user records (including credential hashes), destruction or tampering of stored data, takeover of administrative accounts using what is read from the database, and, where the application's database account has broad privileges, a path to the underlying database host and from there to other systems.

🟠

Likely Case

Unauthorized access to form data, extraction of sensitive user information, and potential manipulation of stored data.

🟢

If Mitigated

Limited impact if the affected query binds formKey as a prepared-statement parameter, formKey is validated against an allowlist before it reaches the data layer, and the application's database account is restricted to the tables and statements it needs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub. The exploit is described as needing no authentication and is simple to use. One caveat: a CVSS 3.x base score of 6.3 does not fit a fully unauthenticated, no-interaction, low-complexity remote injection with the usual low confidentiality, integrity and availability impact (that profile scores 7.3 or higher); 6.3 corresponds to the same vector with either low privileges or user interaction required. Confirm in your own deployment whether the affected endpoint is reachable before login rather than relying on the "unauthenticated" label.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available and the vendor did not respond to the disclosure. If you build tduck-platform from source, audit UserFormDataMapper for the pattern that is the usual cause of this class of bug in MyBatis mappers: string substitution of the parameter into the SQL with ${formKey} instead of prepared-statement binding with #{formKey}. Fixing that in your own fork removes the injection; otherwise rely on the workarounds below or plan a move to a different platform.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Validate formKey against an allowlist of the shape legitimate keys actually have (inspect the form table in your database; keys are typically short alphanumeric tokens) and reject everything else before it reaches the data layer. Blocklists of SQL keywords are easy to bypass with URL encoding, mixed case and inline comments, so use them only as a secondary signal.

WAF Rule Implementation

Applies to: all

Deploy a web application firewall rule on the endpoints that accept formKey. Prefer a rule that rejects any formKey value outside the expected character set over a generic SQL-injection signature, and make sure the WAF fully URL-decodes the parameter before matching so that double-encoded payloads are not passed through.

🧯 If You Can't Patch

  • Isolate the vulnerable system from the internet and restrict internal network access to the hosts and users that actually need the forms
  • Run the application with a database account limited to the tables and statements it needs (no DDL, no file or OS-level privileges), so a successful injection cannot escalate beyond the form data

🔍 How to Verify

Check if Vulnerable:

Check if running tduck-platform version 5.1. Review application logs for SQL injection attempts against UserFormDataMapper endpoints.

Check Version:

Check application configuration files or deployment manifests for version information

Verify Fix Applied:

In a test environment, send a benign malformed formKey (for example a value containing a single quote or a space) to the endpoint that uses it and confirm the request is rejected before it reaches the database, or that the application returns an error or empty result without executing the injected fragment. Never use destructive payloads against a live instance.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed parameter validation attempts
  • Suspicious formKey parameter values containing SQL keywords

Network Indicators:

  • HTTP requests with SQL injection patterns in formKey parameter
  • Unusual database connection patterns from application server

SIEM Query (starting point only; this is a case-sensitive keyword match on raw log text, so it misses URL-encoded, double-encoded and mixed-case payloads, and it fires on any legitimate request whose log line happens to contain these words):

source="application_logs" AND ("formKey" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE" OR "DROP"))
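The following is an added example, not code from this advisory or from the tduck-platform project. It implements both the allowlist check recommended under Temporary Workarounds and the log sweep suggested by the indicators above, over a handful of constructed access-log lines: it extracts the raw formKey value, URL-decodes it repeatedly (so a double-encoded quote does not slip past), accepts only values that match an assumed allowlist of short alphanumeric tokens, and labels rejected values that carry an injection fragment. The request path in the sample log, the allowlist shape and all log lines are assumptions for illustration and are not real tduck-platform routes or traffic; adjust the allowlist after inspecting the key column of your own form table.

```python
"""Added example (not from the advisory or the tduck-platform project):
allowlist validation for a formKey-style parameter plus a sweep that applies
it to constructed access-log lines.

Assumption: legitimate formKey values are short alphanumeric tokens.
Verify against your own database before deploying this shape.
"""
import re
import urllib.parse

# Assumed shape of a legitimate formKey; tighten or loosen after inspecting real data.
FORM_KEY_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Common SQL injection fragments. Used only to explain WHY a value was rejected;
# the allowlist, not this blocklist, is what decides acceptance.
SQLI_HINT_RE = re.compile(
    r"(?i)('|--|/\*|\*/|;|\bunion\b|\bselect\b|\bor\b\s+\d+=\d+|\bsleep\s*\(|\bbenchmark\s*\()"
)


def decode_param(raw: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly so %2527 -> %27 -> ' does not bypass the check."""
    value = raw
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_valid_form_key(raw: str) -> bool:
    """Allowlist decision on the fully decoded value; use this in a request filter."""
    return bool(FORM_KEY_RE.fullmatch(decode_param(raw)))


def classify_form_key(raw: str) -> str:
    """'ok' (allowlisted), 'sqli' (rejected and carries an injection fragment),
    or 'reject' (rejected for another reason, e.g. whitespace)."""
    value = decode_param(raw)
    if FORM_KEY_RE.fullmatch(value):
        return "ok"
    return "sqli" if SQLI_HINT_RE.search(value) else "reject"


# Access-log style lines constructed for this example. The path /app/form/data
# is a placeholder, not the real tduck-platform route.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2025:10:00:01 +0000] "GET /app/form/data?formKey=Xa9kL2mQ HTTP/1.1" 200 812
10.0.0.7 - - [01/Aug/2025:10:00:02 +0000] "GET /app/form/data?formKey=Xa9kL2mQ%27%20OR%201%3D1-- HTTP/1.1" 200 91233
10.0.0.7 - - [01/Aug/2025:10:00:03 +0000] "GET /app/form/data?formKey=Xa9kL2mQ%2527%2520uNiOn%2520sElEcT%25201 HTTP/1.1" 500 322
10.0.0.9 - - [01/Aug/2025:10:00:04 +0000] "GET /app/form/data?formKey=form%20one HTTP/1.1" 404 44
"""

# Source address and the quoted request line of a combined-format access log.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) ')


def extract_form_keys(log_text: str):
    """Yield (source_ip, raw undecoded formKey value) for each request carrying it."""
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = urllib.parse.urlsplit(m.group("path")).query
        # Split by hand instead of parse_qsl so the value stays undecoded and
        # decode_param controls how many decoding rounds are applied.
        for pair in query.split("&"):
            key, _, value = pair.partition("=")
            if urllib.parse.unquote_plus(key) == "formKey":
                yield m.group("src"), value


def sweep_log(log_text: str) -> dict:
    """Return {verdict: [(source_ip, decoded_value), ...]} for every formKey seen."""
    findings = {"ok": [], "sqli": [], "reject": []}
    for src, raw in extract_form_keys(log_text):
        findings[classify_form_key(raw)].append((src, decode_param(raw)))
    return findings


if __name__ == "__main__":
    for verdict, hits in sweep_log(SAMPLE_LOG).items():
        for src, value in hits:
            print(f"{verdict:6} {src:10} formKey={value!r}")
```

Run against the sample, the sweep reports one clean request, two injection attempts from 10.0.0.7 (the second only visible after two rounds of decoding, which a single-decode keyword signature would not see), and one non-SQL anomaly from 10.0.0.9 that a keyword query would ignore entirely. The same `is_valid_form_key` check is what a request filter or WAF rule should enforce: reject on allowlist failure, and use the `sqli` label only for alert severity.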
