Platform: other
Component: idsecure-on-premises
Fixed in: 4.7.49
CVE-2025-49853 describes a SQL Injection vulnerability affecting iDSecure On-premises versions 0 through 4.7.48.0. This flaw allows attackers to inject arbitrary SQL syntax into queries, potentially leading to data breaches and system compromise. A patch is available in version 4.7.49, and users are strongly advised to upgrade immediately.
The SQL Injection vulnerability in iDSecure On-premises presents a significant risk. Successful exploitation could allow an attacker to bypass authentication mechanisms, access sensitive data stored in the database (such as user credentials, configuration details, or proprietary information), and even modify or delete data. Depending on the database permissions, an attacker might be able to gain control of the underlying server, enabling lateral movement within the network. The impact is particularly severe given the potential for data exfiltration and disruption of critical business processes.
CVE-2025-49853 was publicly disclosed on 2025-06-24. The vulnerability's CRITICAL CVSS score (9.1) indicates a high probability of exploitation. No public proof-of-concept (PoC) code has been released at the time of writing, but the severity warrants immediate attention. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.08% (23rd percentile)
The primary mitigation for CVE-2025-49853 is to upgrade to iDSecure On-premises version 4.7.49 or later. If immediate upgrading is not possible, consider implementing temporary workarounds such as input validation and parameterized queries at the application level. While not a complete solution, these measures can reduce the attack surface. Monitor database logs for suspicious SQL queries that might indicate an attempted exploitation. Implement a Web Application Firewall (WAF) with SQL Injection protection rules to filter malicious requests.
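The contrast the paragraph above draws between query construction that admits injection and the parameterized form that prevents it, as an added Python example. This is not iDSecure code and not part of the advisory: the in-memory `users` table, the sample row, the two `login_*` functions and the test inputs are all constructed for illustration, and nothing here reflects how the affected product actually builds its queries.

```python
import sqlite3

# Constructed in-memory user store standing in for an application's database.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    # Constructed sample row; the hash value is a placeholder string.
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", "hash-of-alice-password"))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Builds the statement by string concatenation, so caller-supplied text
    becomes part of the SQL syntax. This is the defect class the advisory describes,
    reproduced here only as the 'before' side of the comparison."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Uses bound parameters: the driver sends the values separately from the
    statement text, so the database never parses them as SQL."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()
    return row[0] > 0


# Constructed test input: a textbook tautology that changes the query's logic
# when concatenated, and is treated as a literal (non-matching) value when bound.
TAUTOLOGY = "' OR '1'='1"


def compare() -> dict:
    """Runs both implementations against a valid login and against the
    constructed tautology input, returning the outcomes for inspection."""
    conn = make_db()
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "hash-of-alice-password"),
        "vuln_injected": login_vulnerable(conn, TAUTOLOGY, TAUTOLOGY),
        "param_valid": login_parameterized(conn, "alice", "hash-of-alice-password"),
        "param_injected": login_parameterized(conn, TAUTOLOGY, TAUTOLOGY),
    }


def concatenation_breaks_on_apostrophe() -> bool:
    """A secondary symptom worth watching for in logs: concatenation turns an
    ordinary apostrophe in legitimate input (e.g. a surname) into a SQL syntax
    error, whereas the parameterized query handles it as plain data."""
    conn = make_db()
    try:
        login_vulnerable(conn, "o'brien", "irrelevant")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    print(compare())
    print("apostrophe breaks concatenated query:", concatenation_breaks_on_apostrophe())
```

The parameterized version returns `False` for the tautology input because the whole string is compared as a username, never interpreted as a condition; the same bound-parameter approach is what "parameterized queries at the application level" refers to, and a spike of database syntax errors on otherwise normal fields is one of the log signals the paragraph suggests monitoring for.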
Update iDSecure On-premises to a version later than 4.7.48.0 to fix the SQL Injection vulnerability. Refer to the vendor's website for the latest version and upgrade instructions. Apply security updates as soon as they are available.
CVE-2025-49853 is a critical SQL Injection vulnerability affecting iDSecure On-premises versions 0–4.7.48.0, allowing attackers to potentially leak data and manipulate queries.
If you are using iDSecure On-premises versions 0 through 4.7.48.0, you are vulnerable to this SQL Injection flaw and should upgrade immediately.
Upgrade to iDSecure On-premises version 4.7.49 or later to resolve the vulnerability. Consider temporary workarounds like input validation if immediate upgrading is not possible.
While no public exploitation is confirmed at this time, the CRITICAL severity and public disclosure suggest a high likelihood of exploitation. Vigilance is advised.
Refer to the official iDSecure security advisory for detailed information and updates regarding CVE-2025-49853.