CVE-2025-0699
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Published Jan 24, 2025
CWE ID 89
CWE ID 74
Summary
CVE-2025-0699 is a newly disclosed critical vulnerability affecting JoeyBling bootplus up to version 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. The issue lies in unknown functionality of the file /admin/sys/role/list, where manipulation of the sort argument leads to SQL injection. The attack can be executed remotely, and the exploit has already been made public, potentially increasing the risk of attacks. Because the product does not use versioning, it is unclear which releases are affected or unaffected.