CVE Alert: CVE-2025-10090 – Jinher – OA

September 8, 2025

CVE-2025-10090

HIGHNo exploitation known

A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

CVSS v3.1 (7.3)
Vendor
Jinher
Product
OA
Versions
1.0 | 1.1 | 1.2
CWE
CWE-89, SQL Injection
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published
2025-09-08T09:32:05.734Z
Updated
2025-09-08T09:32:05.734Z

AI Summary Analysis

Risk verdict

High risk: public PoC exploit for remote, unauthenticated SQL injection in Jinher OA GetTreeDate.aspx (versions 1.0–1.2); treat as urgent due to active exploitability.

Why this matters

The vulnerability enables remote data access and potential data tampering without user credentials, which can disrupt administrative workflows and expose sensitive information. Given an exploit is publicly available, attacker automation and mass targeting are likely, increasing the chance of rapid impact across affected deployments.

Most likely attack path

Exploitation requires only network access (AV:N) with low complexity (AC:L) and no privileges (PR:N) or user interaction (UI:N). The attacker can craft the ID parameter to trigger SQL injection via GetTreeDate.aspx, potentially leaking data or impacting the application’s backend. Lateral movement depends on the OA deployment, but initial access is straightforward on exposed servers.

Who is most exposed

Enterprise environments deploying Jinher OA on-premises or in externally accessible cloud/public interfaces are at greatest risk, especially where OA is exposed to the internet or inadequately segmented.

Detection ideas

  • Monitor for unusual ID query parameters and SQL error patterns in GetTreeDate.aspx requests.
  • Look for unexpected database query strings or repeated failed login-like events from single IPs.
  • Detect anomalous data exfiltration indicators in OA-connected databases.
  • Inspect web server logs for long-running or failing queries tied to the affected path.
  • Correlate alerts with public exploit indicators and CVSS-equivalent exploit activity.

Mitigation and prioritisation

  • Apply vendor patch or upgrade to a fixed release as soon as available.
  • Implement input validation and parameterised queries on GetTreeDate.aspx; disable or sandbox the endpoint if feasible.
  • Deploy web application firewall rules to block suspicious ID inputs and SQLi patterns.
  • Enforce network segmentation and restrict OA access to internal networks or VPNs.
  • Initiate urgent change-control window for remediation; monitor for PoC indicators and anomalous database activity.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , , , , ,

You may have missed

Palo_Alto_Networks_Logo

[Palo Alto Networks Security Advisories] PAN-SA-2025-0016 Chromium: Monthly Vulnerability Update (October 2025)

October 10, 2025
image

CVE Alert: CVE-2025-55321 – Microsoft – Azure Monitor

October 10, 2025
image

CVE Alert: CVE-2025-59271 – Microsoft – Azure Cache for Redis Enterprise

October 10, 2025
image

CVE Alert: CVE-2025-11558 – code-projects – E-Commerce Website

October 10, 2025
image

CVE Alert: CVE-2025-11557 – projectworlds – Gate Pass Management System

October 10, 2025