CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1812: zj1983 zz SuperZ.java GetUserOrg sql injection

5.3 CVSS

Description

A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine kritische Schwachstelle in zj1983 zz bis 2024-08 entdeckt. Es betrifft die Funktion GetUserOrg der Datei com/futvan/z/framework/core/SuperZ.java. Mit der Manipulation des Arguments userId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-1812

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Problem Types

SQL Injection Injection

Affected Products

Vendor: zj1983

Product: zz

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.59% (scored less or equal to compared to others)

EPSS Date: 2025-03-31 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1812
https://vuldb.com/?id.298080
https://vuldb.com/?ctiid.298080
https://vuldb.com/?submit.504273
https://github.com/A7cc/cve/issues/3

Timeline

2025-03-02 10:40:09 UTC
CVE

zj1983 zz SuperZ.java GetUserOrg sql injection