CVE Alert: CVE-2025-11311 – Tipray 厦门天锐科技股份有限公司 – Data Leakage Prevention System 天锐数据泄露防护系统
CVE-2025-11311
A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The impacted element is the function findTenantPage of the file findTenantPage.do. Manipulation of the argument sort leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Summary Analysis
Risk verdict
Why this matters
Most likely attack path
Who is most exposed
Detection ideas
- Web logs showing crafted sort parameter values triggering unusual SQL or error messages.
- Elevated database error traces or query errors in application logs.
- IDS/IPS alerts for SQL injection payloads targeting the findTenantPage endpoint.
- Spikes in data export or access events from tenant contexts without corresponding user actions.
- WAF signatures matching SQLi patterns on the DLP UI.
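The first detection idea can be run as a small log triage script. This is an added example, not code from the vendor or from this site; it assumes a combined-format access log, that sort arrives in the query string (POST bodies do not appear in access logs), and that a legitimate sort value is a column name with an optional asc/desc direction.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate sort value is a column name with an optional
# direction, optionally comma-separated (e.g. "name" or "createTime desc,id").
PLAIN_SORT = re.compile(
    r"^\w+(\s+(asc|desc))?(\s*,\s*\w+(\s+(asc|desc))?)*$", re.I)
# Client IP, request target and status from a combined-format log entry.
REQUEST = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def suspicious_sort_requests(lines):
    """Return (ip, status, decoded sort) for findTenantPage.do hits whose
    sort value is anything other than a plain column/direction list."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Drop any ";jsessionid=..." path parameter before comparing.
        path = url.path.split(";")[0].lower()
        if not path.endswith("/findtenantpage.do"):
            continue
        # parse_qs percent-decodes values, so encoded payloads are normalised.
        for value in parse_qs(url.query, keep_blank_values=True).get("sort", []):
            if value and not PLAIN_SORT.match(value.strip()):
                hits.append((m["ip"], int(m["status"]), value))
    return hits


# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /app/findTenantPage.do?page=1&sort=name%20desc HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /app/findTenantPage.do?page=1&sort=name%27 HTTP/1.1" 500 812',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /app/findTenantPage.do?sort=id%2C%28select%201%29 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /app/index.do?sort=x%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_sort_requests(SAMPLE_LOG):
        print(f"{ip} status={status} sort={value!r}")
```

A 500 status next to a flagged value lines up with the second detection idea (database errors surfacing in the application), so those hits are worth correlating with application logs first.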
Mitigation and prioritisation
- Apply vendor patch as soon as available; verify patch in staging before production.
- Temporarily restrict access to the vulnerable endpoint (IP allowlist, require authentication) and disable remote access if feasible.
- Implement parameterized queries and input validation around sort inputs; review logging to prevent data leakage.
- Enable WAF rules or network protections to block SQLi patterns targeting the endpoint.
- If KEV or EPSS data becomes available indicating higher exploitation likelihood, escalate to Priority 1.