Vulnerability-Lookup

CVE-2025-62617 (GCVE-0-2025-62617)

Vulnerability from cvelistv5 – Published: 2025-10-22 21:19 – Updated: 2025-10-23 16:17

Title

Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Summary

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 4.3.17.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/Admidio/admidio/security/advis…	x_refsource_CONFIRM
	https://github.com/Admidio/admidio/commit/fde81ae…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Admidio	admidio	Affected: < 4.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62617",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-23T16:03:08.051767Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-23T16:17:28.926Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "admidio",
          "vendor": "Admidio",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.3.17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application\u0027s database, including reading, modifying, or deleting all data. This issue has been patched in version 4.3.17."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T21:19:00.940Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33"
        },
        {
          "name": "https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb"
        }
      ],
      "source": {
        "advisory": "GHSA-2v5m-cq9w-fc33",
        "discovery": "UNKNOWN"
      },
      "title": "Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-62617",
    "datePublished": "2025-10-22T21:19:00.940Z",
    "dateReserved": "2025-10-16T19:24:37.269Z",
    "dateUpdated": "2025-10-23T16:17:28.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-62617\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-10-22T22:15:34.400\",\"lastModified\":\"2025-10-30T17:15:48.570\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application\u0027s database, including reading, modifying, or deleting all data. This issue has been patched in version 4.3.17.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.17\",\"matchCriteriaId\":\"598B27C3-0068-48FF-BA50-BC940B161496\"}]}]}],\"references\":[{\"url\":\"https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-89\", \"lang\": \"en\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33\"}, {\"name\": \"https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb\"}], \"affected\": [{\"vendor\": \"Admidio\", \"product\": \"admidio\", \"versions\": [{\"version\": \"\u003c 4.3.17\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-22T21:19:00.940Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application\u0027s database, including reading, modifying, or deleting all data. This issue has been patched in version 4.3.17.\"}], \"source\": {\"advisory\": \"GHSA-2v5m-cq9w-fc33\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62617\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-23T16:03:08.051767Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-23T16:03:11.840Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-62617\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2025-10-16T19:24:37.269Z\", \"datePublished\": \"2025-10-22T21:19:00.940Z\", \"dateUpdated\": \"2025-10-23T16:17:28.926Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-2V5M-CQ9W-FC33

Vulnerability from github – Published: 2025-10-22 16:46 – Updated: 2025-10-23 17:40

Summary

Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality

Details

Summary

An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. The vulnerability is present in the latest version, 4.3.16.

Details

The vulnerability is located in the adm_program/modules/groups-roles/members_assignment_data.php script. This script handles an AJAX request to fetch a list of users for role assignment. The filter_rol_uuid GET parameter is not properly sanitized before being used in a raw SQL query.

File: adm_program/modules/groups-roles/members_assignment_data.php

// ... 
// The parameter is retrieved from the GET request without sufficient sanitization for SQL context.
$getFilterRoleUuid = admFuncVariableIsValid($_GET, 'filter_rol_uuid', 'string');
$getMembersShowAll = admFuncVariableIsValid($_GET, 'mem_show_all', 'bool', array('defaultValue' => false));

// ... 
$filterRoleCondition = '';
if ($getMembersShowAll) {
    $getFilterRoleUuid = 0;
} else {
    // show only members of current organization
    if ($getFilterRoleUuid !== '') {
        // VULNERABLE CODE: $getFilterRoleUuid is directly concatenated into the query string.
        $filterRoleCondition = ' AND rol_uuid = \''.$getFilterRoleUuid . '\'';
    }
}

// ...
// The vulnerable $filterRoleCondition is then used inside a subselect.
$sqlSubSelect = '(SELECT COUNT(*) AS count_this
                    FROM '.TBL_MEMBERS.'
              INNER JOIN '.TBL_ROLES.'
                      ON rol_id = mem_rol_id
              INNER JOIN '.TBL_CATEGORIES.'
                      ON cat_id = rol_cat_id
                   WHERE mem_usr_id  = usr_id
                     AND mem_begin  <= \''.DATE_NOW.'\'
                     AND mem_end     > \''.DATE_NOW.'\'
                         '.$filterRoleCondition.'
                     AND rol_valid = true
                     AND cat_name_intern <> \'EVENTS\'
                     AND cat_org_id = '.$gCurrentOrgId.')';
// ...

As shown above, the value of $getFilterRoleUuid is directly concatenated into the $filterRoleCondition variable, which is then embedded within a larger SQL query ($sqlSubSelect). This allows an attacker to break out of the string literal and inject arbitrary SQL commands.

PoC (Proof of Concept)

Prerequisites: 1. A running instance of Admidio (tested on version 4.3.16). 2. An authenticated user session with permissions to assign members to a role (e.g., the default 'admin' user).

Execution: The vulnerability can be triggered by manipulating the filter_rol_uuid parameter in the request to /adm_program/modules/groups-roles/members_assignment_data.php. Due to the large number of parameters, the easiest way to reproduce this is by capturing a legitimate request and replaying it with sqlmap.

Log in to Admidio as an administrator.
Navigate to Groups / Roles.
Click the "Assign members" icon for any existing role.
Using a web proxy like Burp Suite, intercept the GET request made to /adm_program/modules/groups-roles/members_assignment_data.php.
Save the entire raw request to a text file (e.g., admidio_request.txt).
Run the following sqlmap command to confirm the time-based blind SQL injection:

sqlmap -r /path/to/admidio_request.txt -p filter_rol_uuid --technique=T --dbms=mysql --current-db

Result: sqlmap will successfully identify and exploit the time-based blind SQL injection vulnerability.

---
Parameter: filter_rol_uuid (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: role_uuid=...&filter_rol_uuid=' AND (SELECT 3332 FROM (SELECT(SLEEP(5)))vqnl) AND 'ENdG'='ENdG&...
---
[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12
[INFO] fetching current database
[INFO] retrieved: admidio
current database: 'admidio'

This confirms that an attacker can execute arbitrary SQL queries and extract information from the database.

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.3.16"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "admidio/admidio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-62617"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-22T16:46:03Z",
    "nvd_published_at": "2025-10-22T22:15:34Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nAn authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application\u0027s database, including reading, modifying, or deleting all data. The vulnerability is present in the latest version, 4.3.16.\n\n### Details\n\nThe vulnerability is located in the `adm_program/modules/groups-roles/members_assignment_data.php` script. This script handles an AJAX request to fetch a list of users for role assignment. The `filter_rol_uuid` GET parameter is not properly sanitized before being used in a raw SQL query.\n\n**File:** `adm_program/modules/groups-roles/members_assignment_data.php`\n```php\n// ... \n// The parameter is retrieved from the GET request without sufficient sanitization for SQL context.\n$getFilterRoleUuid = admFuncVariableIsValid($_GET, \u0027filter_rol_uuid\u0027, \u0027string\u0027);\n$getMembersShowAll = admFuncVariableIsValid($_GET, \u0027mem_show_all\u0027, \u0027bool\u0027, array(\u0027defaultValue\u0027 =\u003e false));\n\n// ... \n$filterRoleCondition = \u0027\u0027;\nif ($getMembersShowAll) {\n    $getFilterRoleUuid = 0;\n} else {\n    // show only members of current organization\n    if ($getFilterRoleUuid !== \u0027\u0027) {\n        // VULNERABLE CODE: $getFilterRoleUuid is directly concatenated into the query string.\n        $filterRoleCondition = \u0027 AND rol_uuid = \\\u0027\u0027.$getFilterRoleUuid . \u0027\\\u0027\u0027;\n    }\n}\n\n// ...\n// The vulnerable $filterRoleCondition is then used inside a subselect.\n$sqlSubSelect = \u0027(SELECT COUNT(*) AS count_this\n                    FROM \u0027.TBL_MEMBERS.\u0027\n              INNER JOIN \u0027.TBL_ROLES.\u0027\n                      ON rol_id = mem_rol_id\n              INNER JOIN \u0027.TBL_CATEGORIES.\u0027\n                      ON cat_id = rol_cat_id\n                   WHERE mem_usr_id  = usr_id\n                     AND mem_begin  \u003c= \\\u0027\u0027.DATE_NOW.\u0027\\\u0027\n                     AND mem_end     \u003e \\\u0027\u0027.DATE_NOW.\u0027\\\u0027\n                         \u0027.$filterRoleCondition.\u0027\n                     AND rol_valid = true\n                     AND cat_name_intern \u003c\u003e \\\u0027EVENTS\\\u0027\n                     AND cat_org_id = \u0027.$gCurrentOrgId.\u0027)\u0027;\n// ...\n```\n\nAs shown above, the value of `$getFilterRoleUuid` is directly concatenated into the `$filterRoleCondition` variable, which is then embedded within a larger SQL query (`$sqlSubSelect`). This allows an attacker to break out of the string literal and inject arbitrary SQL commands.\n\n### PoC (Proof of Concept)\n\n**Prerequisites:**\n1.  A running instance of Admidio (tested on version 4.3.16).\n2.  An authenticated user session with permissions to assign members to a role (e.g., the default \u0027admin\u0027 user).\n\n**Execution:**\nThe vulnerability can be triggered by manipulating the `filter_rol_uuid` parameter in the request to `/adm_program/modules/groups-roles/members_assignment_data.php`. Due to the large number of parameters, the easiest way to reproduce this is by capturing a legitimate request and replaying it with `sqlmap`.\n\n1.  Log in to Admidio as an administrator.\n2.  Navigate to `Groups / Roles`.\n3.  Click the \"Assign members\" icon for any existing role.\n4.  Using a web proxy like Burp Suite, intercept the GET request made to `/adm_program/modules/groups-roles/members_assignment_data.php`.\n5.  Save the entire raw request to a text file (e.g., `admidio_request.txt`).\n6.  Run the following `sqlmap` command to confirm the time-based blind SQL injection:\n\n```bash\nsqlmap -r /path/to/admidio_request.txt -p filter_rol_uuid --technique=T --dbms=mysql --current-db\n```\n\n**Result:**\n`sqlmap` will successfully identify and exploit the time-based blind SQL injection vulnerability.\n\n```\n---\nParameter: filter_rol_uuid (GET)\n    Type: time-based blind\n    Title: MySQL \u003e= 5.0.12 AND time-based blind (query SLEEP)\n    Payload: role_uuid=...\u0026filter_rol_uuid=\u0027 AND (SELECT 3332 FROM (SELECT(SLEEP(5)))vqnl) AND \u0027ENdG\u0027=\u0027ENdG\u0026...\n---\n[INFO] the back-end DBMS is MySQL\nback-end DBMS: MySQL \u003e= 5.0.12\n[INFO] fetching current database\n[INFO] retrieved: admidio\ncurrent database: \u0027admidio\u0027\n```\nThis confirms that an attacker can execute arbitrary SQL queries and extract information from the database.",
  "id": "GHSA-2v5m-cq9w-fc33",
  "modified": "2025-10-23T17:40:23Z",
  "published": "2025-10-22T16:46:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62617"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Admidio/admidio"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality"
}

FKIE_CVE-2025-62617

Vulnerability from fkie_nvd - Published: 2025-10-22 22:15 - Updated: 2025-10-30 17:15

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb	Patch
	security-advisories@github.com	https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	admidio	admidio	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "598B27C3-0068-48FF-BA50-BC940B161496",
              "versionEndExcluding": "4.3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application\u0027s database, including reading, modifying, or deleting all data. This issue has been patched in version 4.3.17."
    }
  ],
  "id": "CVE-2025-62617",
  "lastModified": "2025-10-30T17:15:48.570",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-22T22:15:34.400",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-62617 (GCVE-0-2025-62617)

GHSA-2V5M-CQ9W-FC33

Summary

Details

PoC (Proof of Concept)

FKIE_CVE-2025-62617

Tags

Sightings

Nomenclature