CVE-2025-8220

7.3 HIGH

📋 TL;DR

An unauthenticated remote attacker can inject SQL into Engeman Web through the LanguageCombobox cookie sent to the password recovery page (/Login/RecoveryPass). The injected statements run with the application's own database privileges, so database content can be read, modified or deleted. Engeman Web up to and including version 12.0.0.2 is affected.
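The bug class named in the TL;DR, illustrated with an added Python/sqlite3 example. This is not Engeman's code or schema: the table names, the language list, the fallback default and the password-hash table are constructed for the illustration. It shows how a cookie value pasted into SQL text lets a UNION pull rows from an unrelated table, and how an allow-list plus a bound parameter closes that path.

```python
import sqlite3

# Constructed sample data for this example (not Engeman's schema): the
# language choices a login page might offer, plus a table an attacker
# should never be able to read through the language lookup.
LANGUAGES = [("pt-BR", "Portuguese"), ("en-US", "English"), ("es-ES", "Spanish")]
ALLOWED_CODES = {code for code, _ in LANGUAGES}
DEFAULT_CODE = "en-US"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE languages (code TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO languages VALUES (?, ?)", LANGUAGES)
    conn.execute("CREATE TABLE users (login TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hash-of-admin-password')")
    return conn


def language_name_vulnerable(conn, cookie_value):
    """The pattern behind this bug class: the cookie string is pasted into
    the SQL text, so a quote inside it ends the literal and everything
    after it is parsed as SQL."""
    sql = f"SELECT name FROM languages WHERE code = '{cookie_value}'"
    return [row[0] for row in conn.execute(sql)]


def language_name_fixed(conn, cookie_value):
    """Hardened: a cookie is attacker controlled like any other request
    header, so reject anything outside the known set, then bind the value
    as a parameter so the driver never treats it as SQL."""
    code = cookie_value if cookie_value in ALLOWED_CODES else DEFAULT_CODE
    rows = conn.execute("SELECT name FROM languages WHERE code = ?", (code,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "' UNION SELECT pw_hash FROM users--"
    print("honest cookie, vulnerable  :", language_name_vulnerable(db, "pt-BR"))
    print("injected cookie, vulnerable:", language_name_vulnerable(db, payload))
    print("injected cookie, fixed     :", language_name_fixed(db, payload))
```

Only the second function should ever exist in production. The allow-list step also stops payloads that a pattern-matching WAF misses, which is why the vendor fix, not the workaround, is the real remedy.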

💻 Affected Systems

Products:
  • Engeman Web
Versions: Up to and including 12.0.0.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the password recovery feature enabled are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, authentication bypass, privilege escalation, or full system takeover.

🟠 Likely Case: Unauthorized data access, credential harvesting, or database manipulation leading to further attacks.

🟢 If Mitigated: Limited impact where a WAF rule scoped to the LanguageCombobox cookie, a least-privilege database account for the application, and disabled or access-restricted password recovery are in place.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances particularly exposed.
🏢 Internal Only: MEDIUM - Internal instances are just as vulnerable; the attacker only needs network reach to the login page, for example from a compromised workstation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making this easily weaponizable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.0.0.3

Vendor Advisory: Not provided by vendor

Restart Required: Yes

Instructions:

1. Download Engeman Web version 12.0.0.3 or later.
2. Back up the current installation and database.
3. Stop the Engeman Web service.
4. Install the updated version.
5. Restart the service.
6. Verify functionality, including the password recovery page.

🔧 Temporary Workarounds

WAF Rule Implementation (platform: all)

Add a web application firewall rule that inspects the LanguageCombobox cookie on requests to /Login/RecoveryPass and blocks SQL injection patterns (quote characters, comment sequences such as -- and /*, UNION/SELECT, boolean tautologies). Match on the URL-decoded value, since payloads will typically arrive percent-encoded. Scoping the rule to that cookie and path keeps false positives low; the legitimate values are the language selections the UI offers, so an allow-list is feasible. WAF-specific configuration required.

Disable Password Recovery (platform: all)

Temporarily disable the password recovery functionality if it is not essential. Application-specific configuration required.

🧯 If You Can't Patch

  • Parameterized queries and input validation are a code fix only the vendor can ship; as an operator, front the application with a WAF rule scoped to the LanguageCombobox cookie, and run Engeman Web against a database account holding only the privileges it needs, so a successful injection cannot reach other schemas or run DDL
  • Deploy network segmentation and restrict access to Engeman Web instances; do not expose the login and password recovery pages directly to the internet

🔍 How to Verify

Check if Vulnerable:

Engeman Web is at version 12.0.0.2 or earlier and the /Login/RecoveryPass endpoint is reachable (i.e. the password recovery feature is enabled).

Check Version:

Check application version in admin interface or configuration files.

Verify Fix Applied:

Verify installation of version 12.0.0.3 or later and, in a test environment, confirm that requests to /Login/RecoveryPass carrying SQL syntax in the LanguageCombobox cookie are rejected or ignored rather than reaching the database.

📡 Detection & Monitoring

Log Indicators:

  • Unusual or malformed SQL queries, or database error messages, in application logs around password recovery requests
  • Bursts of requests to the password recovery page from a single source
  • LanguageCombobox cookie values that are not a valid language selection, especially ones containing quotes, comment sequences (--, /*) or SQL keywords

Network Indicators:

  • HTTP requests to /Login/RecoveryPass with SQL injection patterns in the Cookie header (often percent-encoded, e.g. %27 for a quote)
  • Unusual query volume or error rates from the application's database account coinciding with requests to the recovery page

SIEM Query:

source="engeman_web" AND url="/Login/RecoveryPass" AND (cookie="*UNION*" OR cookie="*SELECT*" OR cookie="*OR*1=1*" OR cookie="*--*" OR cookie="*%27*")

The parentheses matter: without them the original query also matched any event whose cookie contained "OR" or "UNION" on any URL. If your pipeline does not URL-decode the cookie, keep the encoded forms (%27 for ', %20 for space) in the pattern list.
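Detection logic for the indicators above, as an added Python example (not from Engeman or the original page). The log line format, the IP addresses and the cookie values are constructed; adapt LINE_RE to your reverse proxy's actual access-log layout and make sure the Cookie header is logged at all, since most server defaults omit it. The scanner URL-decodes the LanguageCombobox cookie before matching, scopes to /Login/RecoveryPass as the page's indicator does, and treats any value that is not a plain locale tag as suspicious, escalating to high when SQL syntax is present.

```python
import re
from urllib.parse import unquote

# Assumption for this example: legitimate values look like a locale tag.
# The real application's accepted set may differ; widen LOCALE_RE if so.
LOCALE_RE = re.compile(r"^[a-z]{2}(-[A-Z]{2})?$")

# Coarse SQL-injection indicators, checked on the URL-decoded cookie value.
SQLI_RE = re.compile(
    r"""['"]|--|/\*|\b(union|select|insert|update|delete|drop|exec|sleep|waitfor|benchmark)\b|\bor\b\s*\S+\s*=""",
    re.IGNORECASE,
)

# Constructed log layout (not Engeman's or any real server's default):
# <timestamp> <client ip> "<method> <path> HTTP/1.1" <status> cookie="<Cookie header>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) cookie="(?P<cookie>[^"]*)"$'
)

TARGET_PATH = "/Login/RecoveryPass"
COOKIE_NAME = "LanguageCombobox"

# Constructed sample log. Lines 3, 4 and 6 should alert; line 5 carries the
# same payload but to another path and is deliberately out of scope here.
SAMPLE_LOG = """\
2025-07-25T10:12:03Z 203.0.113.7 "GET /Login/RecoveryPass HTTP/1.1" 200 cookie="LanguageCombobox=pt-BR; SessionId=7f3a"
2025-07-25T10:12:09Z 203.0.113.7 "POST /Login/RecoveryPass HTTP/1.1" 200 cookie="LanguageCombobox=pt-BR; SessionId=7f3a"
2025-07-25T10:13:41Z 198.51.100.23 "POST /Login/RecoveryPass HTTP/1.1" 500 cookie="SessionId=91c0; LanguageCombobox=en-US%27%20OR%201%3D1--"
2025-07-25T10:13:42Z 198.51.100.23 "POST /Login/RecoveryPass HTTP/1.1" 200 cookie="LanguageCombobox=x%27%20UNION%20SELECT%20NULL--"
2025-07-25T10:14:00Z 198.51.100.23 "GET /Login/Index HTTP/1.1" 200 cookie="LanguageCombobox=x%27%20UNION%20SELECT%20NULL--"
2025-07-25T10:15:10Z 192.0.2.5 "GET /Login/RecoveryPass HTTP/1.1" 200 cookie="LanguageCombobox=de-DE-x; SessionId=aa10"
"""


def parse_cookie_header(header):
    """Split 'a=1; b=2' into a dict without rejecting odd characters,
    which a strict cookie parser might do on exactly the values we want."""
    jar = {}
    for part in header.split(";"):
        if "=" in part:
            name, _, value = part.strip().partition("=")
            jar[name.strip()] = value.strip()
    return jar


def inspect_line(line):
    """Return an alert dict for a suspicious recovery-page request, else None."""
    m = LINE_RE.match(line)
    if not m or m["path"].split("?")[0] != TARGET_PATH:
        return None
    raw = parse_cookie_header(m["cookie"]).get(COOKIE_NAME)
    if raw is None:
        return None
    value = unquote(raw)  # payloads arrive percent-encoded; decode before matching
    if LOCALE_RE.match(value):
        return None
    return {
        "ts": m["ts"],
        "ip": m["ip"],
        "status": m["status"],
        "value": value,
        "severity": "high" if SQLI_RE.search(value) else "medium",
    }


def scan(lines):
    return [alert for alert in (inspect_line(l) for l in lines) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(alert)
```

The allow-list check is what makes this robust: a value that is not a language selection is wrong regardless of whether it matches a known SQL pattern, so obfuscated payloads still surface at medium severity for a human to look at. If the cookie is reflected into queries on other pages as well, drop the TARGET_PATH filter rather than enumerating paths.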
