CVE-2025-23502

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Mar 3, 2025

CWE ID 352

Summary

CVE-2025-1869 signifies a significant security concern for versions 1.0 of 101news, as SQL injection vulnerabilities have been identified. Hackers can exploit this issue by inputting malicious SQL code through the "username" parameter in the admin/check_avalability.php file. The vulnerability puts sensitive data at risk, including user credentials and database information. Successful exploitation may lead to unauthorized access and potential data breaches. Users are strongly advised to apply available patches or upgrades to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2hagZD
https://www.cve.org/CVERecord?id=CVE-2025-23502
https://nvd.nist.gov/vuln/detail/CVE-2025-23502

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-23502

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations