Platform: other
Component: idsecure-on-premises
Fixed in: 4.7.49
CVE-2025-49853 describes a SQL Injection vulnerability affecting iDSecure On-premises versions 0 through 4.7.48.0. The flaw allows an attacker to inject arbitrary SQL syntax into the application's database queries, potentially leading to data breaches and system compromise. A patch is available in version 4.7.49, and users are strongly advised to upgrade immediately.
The SQL Injection vulnerability in iDSecure On-premises presents a significant risk. Successful exploitation could allow an attacker to bypass authentication mechanisms, access sensitive data stored in the database (such as user credentials, configuration details, or proprietary information), and even modify or delete data. Depending on the database permissions, an attacker might be able to gain control of the underlying server, enabling lateral movement within the network. The impact is particularly severe given the potential for data exfiltration and disruption of critical business processes.
CVE-2025-49853 was publicly disclosed on 2025-06-24. The vulnerability's CRITICAL CVSS score (9.1) indicates a high probability of exploitation. No public proof-of-concept (PoC) code has been released at the time of writing, but the severity warrants immediate attention. It is not currently listed on the CISA KEV catalog.
Organizations utilizing iDSecure On-premises for access control and identity management are at risk. Specifically, deployments with older versions (0–4.7.48.0) are vulnerable. Environments where the iDSecure On-premises database is directly accessible from external networks face a heightened risk of exploitation.
• other: Monitor iDSecure On-premises database logs for unusual SQL queries, especially those containing potentially malicious syntax (e.g., UNION SELECT, DROP TABLE). Review application logs for errors related to database connections or SQL execution.
-- Example: check for suspicious SQL statements in a query log
-- (assumes a database_logs table with a query column; LIKE matching is
-- case-sensitive in some databases, so adjust the collation or use UPPER(query))
SELECT query FROM database_logs WHERE query LIKE '%UNION SELECT%' OR query LIKE '%DROP TABLE%';
Exploit status
EPSS: 0.08% (23rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-49853 is to upgrade to iDSecure On-premises version 4.7.49 or later. If immediate upgrading is not possible, consider implementing temporary workarounds such as input validation and parameterized queries at the application level. While not a complete solution, these measures can reduce the attack surface. Monitor database logs for suspicious SQL queries that might indicate an attempted exploitation. Implement a Web Application Firewall (WAF) with SQL Injection protection rules to filter malicious requests.
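The log-monitoring advice above (and the detection bullet earlier on this page) can be applied to an exported query log with a short scanner. This is an added example, not code from the page or from the iDSecure vendor: it looks for the two indicators the advisory names, but goes slightly beyond the literal strings by tolerating case changes, irregular whitespace and the UNION ALL variant; the log lines are constructed samples.

```python
import re

# Constructed sample query-log lines (not real iDSecure logs): a benign lookup,
# a UNION-based read with irregular spacing and case, a DROP TABLE, and a benign
# line whose string literal merely contains the word "union".
SAMPLE_LOG = """\
2025-06-24T10:00:01Z SELECT id, name FROM users WHERE id = 42
2025-06-24T10:00:02Z SELECT id, name FROM users WHERE id = 0 union   SELECT name, value FROM settings
2025-06-24T10:00:03Z DROP TABLE audit_log
2025-06-24T10:00:04Z SELECT id FROM groups WHERE name = 'credit union'
"""

# The two indicators named in the advisory, written as regexes so that
# case changes and runs of whitespace between the keywords are still caught.
INDICATORS = {
    "union_select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.IGNORECASE),
    "drop_table": re.compile(r"\bDROP\s+TABLE\b", re.IGNORECASE),
}


def scan_query_log(text):
    """Return (line_number, indicator, line) for every log line that matches an indicator."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((lineno, name, line.strip()))
    return hits


def count_by_indicator(text):
    """Aggregate hits per indicator, e.g. to drive an alert threshold."""
    counts = {name: 0 for name in INDICATORS}
    for _, name, _ in scan_query_log(text):
        counts[name] += 1
    return counts


if __name__ == "__main__":
    for lineno, name, line in scan_query_log(SAMPLE_LOG):
        print(f"line {lineno}: {name}: {line}")
    print(count_by_indicator(SAMPLE_LOG))
```

Keyword matching of this kind is a triage aid, not proof of exploitation; flagged statements should be checked against the application's known query shapes before alerting.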
Update iDSecure On-premises to a version later than 4.7.48.0 to fix the SQL Injection vulnerability. Consult the vendor's website for the latest version and the upgrade instructions. Apply security updates as soon as they become available.
CVE-2025-49853 is a critical SQL Injection vulnerability affecting iDSecure On-premises versions 0–4.7.48.0, allowing attackers to potentially leak data and manipulate queries.
If you are using iDSecure On-premises versions 0 through 4.7.48.0, you are vulnerable to this SQL Injection flaw and should upgrade immediately.
Upgrade to iDSecure On-premises version 4.7.49 or later to resolve the vulnerability. Consider temporary workarounds like input validation if immediate upgrading is not possible.
While no public exploitation is confirmed at this time, the CRITICAL severity and public disclosure suggest a high likelihood of exploitation. Vigilance is advised.
Refer to the official iDSecure security advisory for detailed information and updates regarding CVE-2025-49853.