CVE-2025-1874

Summary

CVE-2025-1874 is a newly discovered SQL injection vulnerability that affects the 101news software, specifically versions 1.0 and below. The issue lies within the "admin/add-category.php" file, more precisely the "description" parameter. An attacker can exploit this vulnerability by injecting malicious SQL queries, potentially gaining unauthorized access to sensitive data or even taking control of the affected system. This type of attack can lead to significant security risks, including data theft and unauthorized system modifications. It is strongly advised that users of 101news update to a secure version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.