CVE-2025-9391

6.3 MEDIUM

📋 TL;DR

This CVE describes a SQL injection vulnerability in Bjskzy Zhiyou ERP software up to version 11.0. Attackers can remotely exploit the getFieldValue function in the workflow component to execute arbitrary SQL commands. Organizations using affected versions of this ERP system are at risk.

💻 Affected Systems

Products:
  • Bjskzy Zhiyou ERP
Versions: Up to and including version 11.0
Operating Systems: All platforms running the affected software
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable by default. The vulnerability exists in the com.artery.workflow.ServiceImpl component.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data manipulation, and potential system takeover via SQL injection leading to remote code execution.

🟠 Likely Case: Unauthorized data access, data exfiltration, and potential privilege escalation within the ERP system.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit details are publicly available according to the references. The vendor has not responded to disclosure attempts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor has not responded

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to version 11.1 or later if available, or implement workarounds.

🔧 Temporary Workarounds

Implement Input Validation (platforms: all)

  • Add strict input validation for all SQL-related parameters in the getFieldValue function
  • Modify source code to validate and sanitize SQL parameters before processing

Use Parameterized Queries (platforms: all)

  • Replace dynamic SQL construction with parameterized queries or prepared statements
  • Rewrite affected SQL queries to use parameter binding instead of string concatenation
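The two workarounds above, as an added illustration that is not code from Bjskzy Zhiyou ERP (the actual getFieldValue implementation and schema are not known from this advisory): a hypothetical concatenating lookup next to a parameterized one, plus an allow-list check on the field name. The affected component is Java, but the pattern is shown here in Python with an in-memory sqlite3 database so it runs offline.

```python
import re
import sqlite3

# Constructed sample data standing in for a workflow field table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE workflow_fields (field_name TEXT, field_value TEXT)")
    conn.executemany(
        "INSERT INTO workflow_fields VALUES (?, ?)",
        [("approver", "alice"), ("amount", "1200"), ("secret_note", "confidential")],
    )
    conn.commit()
    return conn

def get_field_value_vulnerable(conn, field_name):
    # Hypothetical weak pattern: the caller-controlled value is spliced into
    # the SQL text, so quotes and keywords in it become part of the query.
    sql = ("SELECT field_value FROM workflow_fields WHERE field_name = '"
           + field_name + "'")
    return [row[0] for row in conn.execute(sql)]

def get_field_value_fixed(conn, field_name):
    # Parameter binding: the value travels separately from the SQL text, so
    # it is always compared as a literal and cannot alter the query.
    sql = "SELECT field_value FROM workflow_fields WHERE field_name = ?"
    return [row[0] for row in conn.execute(sql, (field_name,))]

# Strict allow-list for the field-name parameter (assumed naming rule):
# identifier characters only, bounded length. Defence in depth on top of
# binding, not a substitute for it.
FIELD_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")

def validate_field_name(field_name):
    return bool(FIELD_NAME_RE.match(field_name))

def verify_fix(conn):
    # The check behind the advisory's "Verify Fix Applied" step: a value
    # carrying SQL syntax must be rejected by validation and, even if it
    # reached the query, must match nothing when bound as a literal.
    probe = "x' OR '1'='1"
    return (not validate_field_name(probe)
            and get_field_value_fixed(conn, probe) == []
            and get_field_value_fixed(conn, "approver") == ["alice"])
```

Running the vulnerable variant with the same probe returns every row in the table, which is the behaviour the fixed variant removes.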

🧯 If You Can't Patch

  • Implement network segmentation to isolate ERP systems from untrusted networks
  • Deploy a web application firewall (WAF) with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check if running Bjskzy Zhiyou ERP version 11.0 or earlier. Review application logs for SQL injection attempts.

Check Version:

Check application version through admin interface or configuration files

Verify Fix Applied:

Test the getFieldValue function with SQL-like input (quotes, comment markers, keywords) and confirm it is either rejected by input validation or treated as a plain literal by parameter binding, returning no extra rows and no database error.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed login attempts with SQL-like patterns
  • Database error messages containing SQL syntax

Network Indicators:

  • Unusual database connection patterns
  • SQL injection payloads in HTTP requests to workflow endpoints

SIEM Query (substring match; an exact match on message="SQL" would only hit messages consisting solely of that word):

source="erp_app" AND (message="*SQL*" OR message="*syntax*" OR message="*injection*")
