What is CVE-2025-7343 — SQL Injection in SFT?

CVE-2025-7343 is a critical SQL Injection vulnerability affecting SFT versions 0 through 3.7.12. It allows attackers to inject malicious SQL code, potentially compromising the entire database.

Am I affected by CVE-2025-7343 in SFT?

If you are using SFT versions 0.0 to 3.7.12, you are vulnerable. Verify your version and upgrade immediately.

How do I fix CVE-2025-7343 in SFT?

Upgrade to SFT version 3.7.13 or later to resolve the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like input sanitization.

Is CVE-2025-7343 being actively exploited?

While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of future attacks. Monitor security advisories.

Where can I find the official SFT advisory for CVE-2025-7343?

Refer to the Digiwin security advisory for CVE-2025-7343. Check the Digiwin website or relevant security mailing lists for updates.

CVE-2025-7343 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-7343 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• linux / server: Monitor SFT application logs for unusual SQL queries or error messages indicating attempted SQL injection. Use journalctl -u sft to filter for relevant log entries. Implement auditd rules to track database access and modifications.

auditctl -w /path/to/sft/database -p wa -k sft_sql_injection

• generic web: Use curl to test various endpoints with SQL injection payloads (e.g., ' OR '1'='1). Examine the response for signs of successful injection (e.g., unexpected data, database errors).

curl 'http://sft-server/endpoint?param=' OR '1'='1' --header 'Content-Type: application/x-www-form-urlencoded'

Digiwin｜SFT - SQL Injection

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigirtraduzindo…

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-7343 — SQL Injection in SFT?

Am I affected by CVE-2025-7343 in SFT?

How do I fix CVE-2025-7343 in SFT?

Is CVE-2025-7343 being actively exploited?

Where can I find the official SFT advisory for CVE-2025-7343?

Seu projeto está afetado?