CVE Alert: CVE-2025-11314 – Tipray 厦门天锐科技股份有限公司 – Data Leakage Prevention System 天锐数据泄露防护系统

CVE-2025-11314

Severity: HIGH. No exploitation known.

A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected is the function findRolePage of the file findSingConfigPage.do. Manipulation of the argument sort leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 score: 7.3
Vendor: Tipray 厦门天锐科技股份有限公司
Product: Data Leakage Prevention System 天锐数据泄露防护系统
Versions: 1.0
CWE: CWE-89, SQL Injection
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published: 2025-10-06T01:32:06.133Z
Updated: 2025-10-06T01:32:06.133Z

AI Summary Analysis

Risk verdict

High risk: remote SQL injection with a PoC available, enabling exploitation without authentication.

Why this matters

Successful exploitation can lead to leakage or manipulation of sensitive configuration data and potentially undermine enforcement controls in the DLP system. Remote reachability, no user interaction, and the ability to influence the query through a crafted sort parameter together raise the likelihood of data exposure, while the impact on integrity remains limited (I:L).

Most likely attack path

Attackers can reach the vulnerable endpoint over the network (AV:N, UI:N, PR:N, AC:L). The injection targets the sort parameter handled by findRolePage, enabling arbitrary SQL execution with no privileges and no user interaction required. Given the low attack complexity and direct database access, an attacker could exfiltrate data or corrupt non-critical configuration; lateral movement is limited by the scope of the compromise (S:U), but secondary, broader impact is possible if other components trust the retrieved data.

Who is most exposed

Organisations deploying this DLP component on-premises or in internal networks with exposed management interfaces are most at risk, especially where web UIs are reachable from untrusted or poorly protected networks.

Detection ideas

  • Unusual requests to findSingConfigPage.do with crafted sort values.
  • Database error strings or abnormal SQL error responses in app or web server logs.
  • Increased anomalous SQL query activity or failed login attempts to the endpoint.
  • WAF alerts or signatures indicating SQLi on the affected path.
  • PoC-like traffic patterns synchronized with advisory timelines.

Mitigation and prioritisation

  • Apply vendor patch or upgrade to a fixed version immediately.
  • If patching is delayed, implement input validation and parameterised queries for the affected endpoint; disable dynamic query construction.
  • Restrict access to the management/interface endpoints (network ACLs, IP allowlists).
  • Deploy WAF rules targeting SQL injection on findSingConfigPage.do and monitor for related traffic.
  • Verify remediation with targeted testing; update change-management tickets and perform post-patch validation.
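The mitigation bullets call for parameterised queries, but a sort argument names a column in ORDER BY, and identifiers cannot be bound as query parameters; the usual fix is to map the request value onto a fixed allowlist of column names and directions, binding only the numeric paging values. The following is an added example written for this page, not Tipray's code; the table, column names and request shape are assumed.

```python
import sqlite3

# Assumed column names for a role listing; the real schema behind
# findRolePage is not known from the advisory.
ALLOWED_SORT_COLUMNS = {"id": "role_id", "name": "role_name", "created": "created_at"}
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_role_page_query(sort: str, direction: str, page: int, page_size: int):
    """Return (sql, params) for a paged role listing.

    The ORDER BY identifier and direction are taken from allowlists, so the
    request value itself never reaches the SQL text; paging values are bound.
    """
    column = ALLOWED_SORT_COLUMNS.get(sort.lower())
    order = ALLOWED_DIRECTIONS.get(direction.lower())
    if column is None or order is None:
        # Reject rather than fall back silently: a rejected sort value is
        # also a cheap detection signal for this endpoint.
        raise ValueError(f"unsupported sort parameter: {sort!r} {direction!r}")
    if page < 1 or not 1 <= page_size <= 200:
        raise ValueError("invalid paging values")
    sql = (f"SELECT role_id, role_name, created_at FROM roles "
           f"ORDER BY {column} {order} LIMIT ? OFFSET ?")
    return sql, (page_size, (page - 1) * page_size)


def find_role_page(conn: sqlite3.Connection, sort: str, direction: str,
                   page: int = 1, page_size: int = 10):
    """Hardened counterpart of a findRolePage-style handler."""
    sql, params = build_role_page_query(sort, direction, page, page_size)
    return conn.execute(sql, params).fetchall()


def demo_connection() -> sqlite3.Connection:
    """Constructed in-memory sample data standing in for the product DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE roles (role_id INTEGER, role_name TEXT, created_at TEXT)")
    conn.executemany("INSERT INTO roles VALUES (?, ?, ?)", [
        (1, "auditor", "2025-01-10"),
        (2, "admin", "2025-02-01"),
        (3, "operator", "2025-01-20"),
    ])
    return conn
```

Calling `find_role_page(demo_connection(), "name", "asc")` returns the three sample rows ordered by role_name, while any sort value outside the allowlist raises ValueError instead of being spliced into the query.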
