CVE Alert: CVE-2025-11309 – Tipray 厦门天锐科技股份有限公司 – Data Leakage Prevention System 天锐数据泄露防护系统

CVE-2025-11309

Severity: HIGH
Exploitation: No exploitation known

A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Impacted is the function doFilter of the file findDeptPage.do. Performing manipulation of the argument sort results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 score: 7.3
Vendor: Tipray 厦门天锐科技股份有限公司
Product: Data Leakage Prevention System 天锐数据泄露防护系统
Versions: 1.0
CWE: CWE-89, SQL Injection
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published: 2025-10-05T23:02:06.774Z
Updated: 2025-10-05T23:02:06.774Z

AI Summary Analysis

Risk verdict

Remote SQL injection in the input handling path with a publicly released exploit reference; requires urgent attention if exposed in your environment.

Why this matters

Attacker-controlled input could read, alter or exfiltrate data, or disrupt functions that rely on this component. Enterprises with networked or internet-facing deployments face a realistic near-term risk of abuse, with data leakage and downstream impact on trust and compliance as the likely consequences.

Most likely attack path

Remote, low-complexity, unauthenticated attack against the doFilter logic via the sort parameter of findDeptPage.do; no user interaction is required. Successful exploitation can lead to unauthorised data access or modification within the affected subsystem (the vector lists Scope as unchanged). Lateral movement depends on how the DLP system interfaces with data stores or management consoles.

Who is most exposed

On-premises deployments and internal networks where the DLP system’s web interface or management endpoints are reachable; particularly if the appliance is internet-facing or poorly segmented from key data stores.

Detection ideas

  • Alerts for unusual requests to findDeptPage.do with crafted sort inputs
  • Database/error logs showing SQL-related anomalies from the DLP appliance
  • Increased 4xx/5xx errors on the management page
  • Anomalous or new IPs attempting access to the admin interface
  • WAF/IDS signatures triggering on SQLi-like patterns in this context

Mitigation and prioritisation

  • Apply vendor patch or upgrade to remediate the injection flaw; verify release notes and test in staging before rollout.
  • If patching is not feasible quickly: disable external access to the management interface; enforce VPN + MFA; harden input handling (input validation, parameterised queries); implement strict access controls.
  • Enable and tune WAF/IDS rules to block SQL injection patterns targeting findDeptPage.do
  • Regularly rotate credentials and monitor privileged activity on the appliance
  • Change-management: schedule a controlled patch window, back up configurations, validate data integrity post-deployment
  • Note: if the CVE is listed in CISA KEV or its EPSS score is ≥ 0.5, treat it as priority 1.
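The input-handling hardening from the mitigation list and the crafted-sort-input detection idea above, as an added Python example that is not the vendor's code. A sort value ends up in ORDER BY, which cannot be supplied as a bound parameter, so parameterised queries alone do not close this class of flaw; the value has to be mapped onto an allow-list of column names. The column names, the department table, the log format and the log lines are constructed assumptions for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Allow-list of sortable columns for a department listing. The names are an
# assumption made for this example, not the product's real schema.
SORTABLE_COLUMNS = {"deptName": "dept_name", "deptCode": "dept_code", "createTime": "create_time"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_dept_query(sort, direction="asc"):
    # ORDER BY takes identifiers and keywords, which bind parameters cannot
    # supply, so the caller's value is mapped onto the allow-list and anything
    # else is rejected. Concatenating the raw value is the CWE-89 pattern.
    column = SORTABLE_COLUMNS.get(sort)
    order = DIRECTIONS.get(str(direction).lower())
    if column is None or order is None:
        raise ValueError(f"unsupported sort parameter: {sort!r} {direction!r}")
    # Row filters would be bound with placeholders; only the validated
    # identifier and keyword are interpolated here.
    return f"SELECT id, {column} FROM department ORDER BY {column} {order}"


# Characters and keywords a legitimate column name never needs.
SQLI_HINT = re.compile(r"""['";()]|--|/\*|\b(select|union|sleep|benchmark|or|and)\b""", re.I)
# Combined log format (constructed): ip ident user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')


def flag_suspicious_sort(log_lines):
    # Return (client_ip, sort_value) for requests to findDeptPage.do whose sort
    # value is outside the allow-list or contains SQL-like tokens.
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/findDeptPage.do"):
            continue
        for value in parse_qs(url.query).get("sort", []):  # parse_qs URL-decodes
            if value not in SORTABLE_COLUMNS or SQLI_HINT.search(value):
                hits.append((ip, value))
    return hits


# Constructed sample lines, not real traffic: a benign sort, a probe, and an
# unrelated endpoint that must be ignored.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Oct/2025:10:00:00 +0000] "GET /findDeptPage.do?sort=deptName&order=asc HTTP/1.1" 200',
    '10.0.0.9 - - [05/Oct/2025:10:00:02 +0000] "GET /findDeptPage.do?sort=deptName%27 HTTP/1.1" 500',
    '10.0.0.9 - - [05/Oct/2025:10:00:03 +0000] "GET /login.do?sort=x%27 HTTP/1.1" 200',
]
```

Running flag_suspicious_sort(SAMPLE_LOG) reports only the second line, from 10.0.0.9, since its decoded sort value is neither an allowed column nor free of SQL-like characters.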
