Platform
other
Component
yordam-library-automation-system
Opgelost in
21.7
CVE-2025-10439 describes a SQL Injection vulnerability discovered in the Yordam Library Automation System. This flaw allows attackers to inject malicious SQL code, potentially gaining unauthorized access to the database and compromising sensitive information. The vulnerability impacts versions 21.5 and 21.6 of the system, and a patch is available in version 21.7.
Successful exploitation of CVE-2025-10439 could allow an attacker to bypass authentication mechanisms, directly accessing and manipulating the underlying database. This could lead to the theft of sensitive data such as user credentials, library records, and financial information. Furthermore, an attacker could potentially modify data, leading to data corruption or denial of service. The blast radius extends to all data stored within the Yordam Library Automation System database, making it a high-impact vulnerability.
CVE-2025-10439 has been publicly disclosed. While no active exploitation campaigns have been confirmed, the CRITICAL severity and the ease of SQL Injection exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code may emerge, increasing the risk of widespread exploitation.
Libraries and educational institutions utilizing Yordam Library Automation System versions 21.5 and 21.6 are at significant risk. Organizations with limited security resources or those who have not implemented robust input validation practices are particularly vulnerable.
• linux / server: Monitor database logs for unusual SQL queries or error messages. Use auditd to track database access and identify suspicious patterns.
auditctl -w /var/log/mysql/error.log -p wa -k sql_injection• database (mysql): Run queries to check for potential injection points. ``mysql -e "SELECT VERSION()" -u root``
• generic web: Test application endpoints for SQL injection vulnerabilities using automated scanners or manual techniques. Examine access logs for unusual patterns.
disclosure
Exploit Status
EPSS
0.04% (11% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-10439 is to upgrade to version 21.7 of the Yordam Library Automation System, which includes the necessary fix. If an immediate upgrade is not possible, consider implementing temporary workarounds such as input validation and parameterized queries on the application layer. While not a complete solution, these measures can reduce the attack surface. Review and restrict database user permissions to limit the potential damage from a successful injection. After upgrade, confirm the vulnerability is resolved by attempting a SQL injection attack on a non-critical endpoint.
Actualice Yordam Library Automation System a la versión 21.7 o superior. Esta actualización corrige la vulnerabilidad de inyección SQL. Consulte el aviso de seguridad del proveedor para obtener más detalles sobre la actualización.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2025-10439 is a critical SQL Injection vulnerability affecting Yordam Library Automation System versions 21.5 and 21.6, allowing attackers to potentially access and manipulate the database.
If you are using Yordam Library Automation System versions 21.5 or 21.6, you are affected by this vulnerability. Upgrade to version 21.7 to mitigate the risk.
The recommended fix is to upgrade to version 21.7 of the Yordam Library Automation System. If immediate upgrade is not possible, implement temporary workarounds like input validation.
While no active exploitation campaigns have been confirmed, the CRITICAL severity suggests a high probability of exploitation. Monitor your systems closely.
Refer to the official Yordam Informatics website or security advisories for the most up-to-date information and guidance regarding CVE-2025-10439.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.