Plateforme
perl
Composant
koha
Corrigé dans
24.11.02
CVE-2025-22954 describes a critical SQL Injection vulnerability discovered in Koha, a popular open-source Integrated Library System (ILS). This flaw allows attackers to inject malicious SQL code through the supplierid or serialid parameters within the /serials/lateissues-export.pl endpoint. Versions of Koha prior to 24.11.02 are affected, and a patch has been released to address this security risk.
Successful exploitation of CVE-2025-22954 could grant an attacker unauthorized access to the Koha database. This could lead to the exfiltration of sensitive data, including patron information (names, addresses, contact details), library inventory details, and potentially administrative credentials. Depending on the database configuration and permissions, an attacker might even be able to modify or delete data, disrupting library operations. The SQL Injection point is within the late issues export functionality, meaning an attacker could potentially manipulate the data being exported, leading to further compromise. This vulnerability shares characteristics with other SQL Injection flaws where attackers can bypass authentication and access sensitive data.
CVE-2025-22954 was publicly disclosed on March 12, 2025. No public proof-of-concept exploits are currently known, but the severity of the vulnerability (CRITICAL) suggests a high probability of exploitation if left unpatched. The vulnerability is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting Koha installations.
Libraries and institutions utilizing Koha ILS, particularly those running versions 0–24.11.01, are at significant risk. Shared hosting environments where multiple libraries share the same Koha instance are especially vulnerable, as a compromise of one library could potentially impact others. Organizations with legacy Koha configurations or those that have not implemented robust security practices are also at increased risk.
• linux / server: Monitor Koha's access logs for unusual SQL queries or requests to /serials/lateissues-export.pl with suspicious parameters. Use journalctl -f to observe real-time log activity.
journalctl -f | grep '/serials/lateissues-export.pl'• generic web: Use curl to test the endpoint with various payloads to identify potential SQL injection vulnerabilities.
curl 'http://your-koha-instance/serials/lateissues-export.pl?supplierid=1' UNION SELECT 1,2,3 -- - • database (mysql): If you have access to the Koha database, run queries to check for any unauthorized data modifications or suspicious entries.
SELECT * FROM your_table WHERE suspicious_column LIKE '%malicious%';disclosure
patch
Statut de l'Exploit
EPSS
11.93% (percentile 94%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2025-22954 is to immediately upgrade Koha to version 24.11.02 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to filter potentially malicious SQL injection attempts targeting the /serials/lateissues-export.pl endpoint. Input validation on the supplierid and serialid parameters is crucial; ensure that any user-supplied input is properly sanitized and validated before being used in SQL queries. Regularly review Koha's configuration and access controls to minimize the potential impact of a successful attack.
Actualice Koha a la versión 24.11.02 o posterior. Esta actualización corrige la vulnerabilidad de inyección SQL en los parámetros supplierid y serialid del script /serials/lateissues-export.pl. La actualización es esencial para proteger su sistema contra posibles ataques.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-22954 is a critical SQL Injection vulnerability affecting Koha versions 0–24.11.01, allowing attackers to potentially access and manipulate the database through the /serials/lateissues-export.pl endpoint.
If you are running Koha versions 0–24.11.01, you are affected by this vulnerability and should upgrade immediately.
The recommended fix is to upgrade Koha to version 24.11.02 or later. Consider WAF rules as an interim measure.
While no public exploits are currently known, the vulnerability's critical severity suggests a high probability of exploitation if left unpatched.
Refer to the official Koha security advisory on their website for detailed information and updates: [https://bugs.koha-community.org/bugtracker/?action=view&bugid=32014]
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.