SQLi in Dolusoft's Omaspot

The SQL Injection vulnerability in Omaspot poses a significant risk. An attacker could leverage this to bypass authentication, retrieve sensitive data such as user credentials, financial information, or customer details, and even modify or delete data within the database. Successful exploitation could lead to a complete compromise of the Omaspot system and potentially impact any connected systems or services. The impact is amplified if the database contains personally identifiable information (PII) or other confidential data, potentially leading to regulatory fines and reputational damage. This vulnerability shares characteristics with other SQL injection flaws, where attackers can manipulate database queries to achieve unauthorized actions.

Organizations utilizing Dolusoft Omaspot in their operations, particularly those handling sensitive data, are at risk. This includes businesses relying on Omaspot for customer relationship management, inventory management, or other critical functions. Legacy Omaspot installations and those with inadequate security configurations are especially vulnerable.

1. 2025-09-16Disclosure

   disclosure

1. 已保留2025-07-17
2. 发布日期2025-09-16
3. EPSS 更新日期2026-03-23

The primary mitigation for CVE-2025-7744 is to immediately upgrade Omaspot to version 12.09.2025 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as input validation and parameterized queries to sanitize user input and prevent SQL injection attacks. Web application firewalls (WAFs) configured with rules to detect and block SQL injection attempts can also provide an additional layer of protection. Thoroughly review and test any configuration changes before deploying them to a production environment. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection payload on a non-critical endpoint.