CVE Alert: CVE-2025-12253 – AMTT – Hotel Broadband Operation System
CVE-2025-12253
A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. Manipulation of the argument uid causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
AI Summary Analysis
Risk verdict
High risk: remote unauthenticated SQL injection via get_expiredtime.php with a publicly disclosed exploit.
Why this matters
Attacker access can reveal or alter expiration data, potentially leaking sensitive information and undermining service availability for hotel broadband users. The combination of remote reach and public exploit increases the likelihood of automated attempts and mass scanning, with potential impact on guest experience and operational integrity.
Most likely attack path
The endpoint requires no authentication and is reachable over the network, so exploitation proceeds through the uid parameter. The injection reaches the database and can compromise the confidentiality, integrity and availability of the related data, with queries triggered directly from the web application; the scope to pivot beyond the vulnerable component is limited.
Who is most exposed
Hotels and hospitality networks running AMTT Hotel Broadband Operation System 1.0 that expose the management interface or guest-access portals to the Internet are at greatest risk, especially where the vulnerable endpoint is publicly reachable or poorly protected.
Detection ideas
- Unusual requests to get_expiredtime.php with crafted uid values triggering SQL errors or unexpected responses.
- Elevated error messages or abnormal DB query latency in application logs.
- A spike in requests to the endpoint from diverse IPs, or patterns typical of SQLi probes.
- Anomalous data access patterns around expiration timestamps or related tables.
- WAF signatures or IDS alerts for SQLi patterns targeting the parameter.
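As an added illustration of the first detection idea (not code from the original alert or from the vendor), the following script scans constructed access-log lines for requests to get_expiredtime.php whose uid value is not the plain integer the parameter is expected to carry, and labels the ones that contain SQL metacharacters or keywords. The log lines, IP addresses and the expected-integer assumption are all constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Nov/2025:10:00:01 +0000] "GET /user/portal/get_expiredtime.php?uid=42 HTTP/1.1" 200 118
203.0.113.10 - - [10/Nov/2025:10:00:05 +0000] "GET /user/portal/get_expiredtime.php?uid=42' HTTP/1.1" 500 231
198.51.100.7 - - [10/Nov/2025:10:00:09 +0000] "GET /user/portal/get_expiredtime.php?uid=42%20OR%201%3D1 HTTP/1.1" 200 4096
198.51.100.7 - - [10/Nov/2025:10:00:12 +0000] "GET /user/portal/index.php HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TARGET = "/user/portal/get_expiredtime.php"  # path named in the advisory
# Assumption: a legitimate uid is a plain integer; anything else is suspicious.
SQLI_HINT = re.compile(r"""['"();]|--|/\*|\b(or|and|union|select|sleep)\b""", re.I)


def analyze_uid(raw):
    """Return a finding label for a raw uid value, or None if it looks benign."""
    val = unquote(raw)  # tolerate percent-encoded input
    if re.fullmatch(r"\d+", val):
        return None
    if SQLI_HINT.search(val):
        return "sqli-pattern"
    return "non-numeric-uid"


def scan_log(text):
    """Yield findings for requests to the vulnerable endpoint with odd uid values."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as access-log entries
        parts = urlsplit(m["path"])
        if parts.path != TARGET:
            continue
        # parse_qs already percent-decodes; keep_blank_values catches "uid=" probes
        for uid in parse_qs(parts.query, keep_blank_values=True).get("uid", []):
            label = analyze_uid(uid)
            if label:
                findings.append({"ip": m["ip"], "status": int(m["status"]),
                                 "uid": unquote(uid), "label": label})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

A 500 status paired with a flagged uid, as in the second sample line, is the "SQL error or unexpected response" signal the list above describes; correlating flagged requests per source IP over time covers the spike-based idea as well.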
Mitigation and prioritisation
- Apply vendor patch or upgrade to fixed version; verify compatibility with your hospitality stack.
- Implement input validation and parameterised queries for all database interactions; disable detailed error output.
- Restrict access to the vulnerable endpoint (IP allowlists, VPN-only admin access) and deploy or tune a web application firewall with SQLi rules.
- Perform a targeted credential and data exposure audit; monitor DB logs for exfiltration indicators.
- Change management: test in a staging environment and schedule a rapid security patch window; prioritise on the basis of the public exploit and high CVSS impact unless KEV/EPSS data indicate otherwise. If KEV or EPSS suggests a high likelihood of exploitation, treat as priority 1.