CVE Alert: CVE-2025-11315 – Tipray 厦门天锐科技股份有限公司 – Data Leakage Prevention System 天锐数据泄露防护系统
CVE-2025-11315
A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this vulnerability is the function findUserPage of the file findUserPage.do. Performing manipulation of the argument sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Summary Analysis
Risk verdict
Urgent: remote, unauthenticated SQL injection in the Tipray Data Leakage Prevention System is publicly exploitable and requires immediate remediation.
Why this matters
An attacker could read or modify sensitive data stored by the DLP system and potentially pivot to adjacent systems. With network access and no user interaction required, the vulnerability enables rapid exploitation across enterprise environments, increasing the risk of data leakage and operational disruption.
Most likely attack path
Exploitation targets the findUserPage.do endpoint via a crafted sort parameter, enabling SQL injection over the network. No authentication or user interaction is required (UI:N; PR:N), so remote attackers can act directly against the database. Lateral movement is possible within the compromised host and connected systems, given the impact scope on confidentiality, integrity and availability.
Who is most exposed
Organisations running Tipray DLP 1.0 with web-accessible management or reporting pages, typically deployed on-premise or in private clouds, are at greatest risk. Exposed interfaces in data-protection or security-management environments are common vectors.
Detection ideas
- WAF or app logs show injection payloads targeting findUserPage.do
- Anomalous or malformed sort parameter usage with SQL error echoes
- spikes in data retrieval or abnormal SELECT patterns from the DLP DB
- Unusual access to the DLP management page without valid UI prompts
- Increased database error logs tied to the affected endpoint
Mitigation and prioritisation
- Apply the vendor patch or upgrade to a fixed version as a priority
- If patching is not yet available, implement input validation and parameterised queries on findUserPage.do
- Enable strict network controls and WAF rules around the DLP interface; restrict to trusted networks
- Disable or temporarily harden the vulnerable endpoint if feasible; rotate credentials and audit access
- Initiate change-management actions and verify remediation in a test environment before broader rollout
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
