CVE Alert: CVE-2025-10967 – MuFen-mker – PHP-Usermm

CVE-2025-10967

HIGH | No exploitation known

A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Username results in SQL injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 (7.3)

Vendor: MuFen-mker
Product: PHP-Usermm
Versions: 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9
CWE: CWE-89, SQL Injection
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published: 2025-09-25T20:02:10.381Z
Updated: 2025-09-25T20:02:10.381Z

AI Summary Analysis

Risk verdict

High risk to externally facing web apps; remote SQL injection with a public exploit, requiring urgent attention. No KEV/EPSS data provided to escalate to Priority 1.

Why this matters

Public exposure increases automated attack activity aiming to exfiltrate or modify data. Realistic attacker goals include reading sensitive data, altering records, or compromising the web server’s integrity, especially where DB credentials or privileges are poorly restricted.

Most likely attack path

Network-accessible vector with no authentication required and no user interaction. Attackers can supply the Username parameter to trigger SQL statements against the database, enabling data access or modification; potential for broader impact if the application shares DB credentials or network access with other systems.

Who is most exposed

Externally facing MuFen-mker PHP-Usermm deployments, common in small to mid-sized organisations hosting PHP apps on shared or less-segmented infrastructure.

Detection ideas

  • Logs show SQL errors or syntax issues from chkuser.php requests.
  • HTTP requests containing suspicious Username payloads (SQL keywords, tautologies).
  • Unusual spikes in database query latency or data retrieved per user request.
  • WAF/IDS alerts for SQL injection patterns targeting Username.
  • Anomalous data volume or frequent access to user management endpoints.
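
The first two detection ideas as an added example (not part of the CVE record or the vendor's code): a Python pass over web access logs that flags /chkuser.php requests whose URL-decoded Username value carries SQL metacharacters, keywords or tautologies. It assumes common/combined log format and that Username arrives in the query string; the indicator patterns and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristic indicators (assumptions, tune per environment), applied to the
# URL-decoded Username value.
SQLI_PATTERNS = {
    "quote": re.compile(r"['\"]"),
    "comment": re.compile(r"--|#|/\*"),
    "keyword": re.compile(r"\b(union|select|sleep|benchmark|information_schema)\b", re.I),
    "tautology": re.compile(r"\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I),
}

# Common/combined log format: client IP ... "METHOD target HTTP/x" status
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Sep/2025:20:10:01 +0000] "GET /chkuser.php?Username=alice HTTP/1.1" 200 12',
    '203.0.113.9 - - [25/Sep/2025:20:10:05 +0000] "GET /chkuser.php?Username=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 12',
    '203.0.113.9 - - [25/Sep/2025:20:10:06 +0000] "GET /chkuser.php?Username=x%27%20UNION%20SELECT%201--%20- HTTP/1.1" 500 0',
    '198.51.100.7 - - [25/Sep/2025:20:10:09 +0000] "GET /index.php?q=select+a+plan HTTP/1.1" 200 900',
]

def suspicious_chkuser_requests(lines):
    """Return (ip, status, decoded_username, matched_indicators) per flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.lower() != "/chkuser.php":
            continue  # only the endpoint named in the advisory
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            if name.lower() != "username":
                continue
            for value in values:
                matched = [k for k, p in SQLI_PATTERNS.items() if p.search(value)]
                if matched:
                    hits.append((m["ip"], int(m["status"]), value, matched))
    return hits

if __name__ == "__main__":
    for hit in suspicious_chkuser_requests(SAMPLE_LOG):
        print(hit)
```

Access logs do not record POST bodies, so if the application submits Username by POST, run the same patterns over WAF or application-level request logging instead. A 500 status on a flagged request lines up with the SQL-error signal in the first bullet.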

Mitigation and prioritisation

  • Patch or upgrade to a fixed release as soon as the vendor provides one; monitor rolling-release updates.
  • Implement parameterised queries/prepared statements; avoid string concatenation in chkuser.php.
  • Enforce least-privilege DB accounts for the web app; disable unnecessary privileges.
  • Deploy WAF rules to block SQLi in the Username field; add input validation and sanitisation.
  • Change management: test in staging, then push to production; if KEV is true or EPSS ≥ 0.5, treat as priority 1.
