CVE Alert: CVE-2025-9669 - Jinher - OA

CVE-2025-9669

HIGHNo exploitation knownPoC observed

A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVSS v3.1 (7.3)

Vendor

Jinher

Product

Versions

1.0

CWE

CWE-89, SQL Injection

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Published

2025-08-29T19:02:06.121Z

Updated

2025-08-29T19:24:04.135Z

References

https://vuldb.com/?id.321876
https://vuldb.com/?ctiid.321876
https://vuldb.com/?submit.637413
https://github.com/1276486/CVE/issues/1

AI Summary Analysis

Risk verdict

Public PoC demonstrates remote SQL injection via the GetTreeDate.aspx endpoint with no authentication required; high risk pending patch availability.

Why this matters

The vulnerability enables data exfiltration and potential data manipulation, with possible impact to integrity and availability of backend data. If exploited on production systems, business processes relying on the OA application could face disruption and regulatory/compliance exposure.

Most likely attack path

An attacker can craft a malicious ID parameter in a remotely accessible request, triggering SQL injection without user interaction or credentials. The flaw offers network access (AV:N) with low complexity (AC:L) and no privileges (PR:N), and affects confidentiality, integrity, and availability in a limited scope. Given a public-facing web app, rapid automated probing could occur, enabling data leakage or modification with minimal preconditions.

Who is most exposed

Deployments where the OA web interface is reachable from untrusted networks or misconfigured DMZs are at greatest risk; common in SMB/line-of-business environments with on-prem or cloud-hosted OA instances lacking recent fixes or WAF protections.

Detection ideas

Unusual or error-laden requests to GetTreeDate.aspx with atypical ID values
Increased SQL error messages or database query failures in app/db logs
Sudden spikes in long-running or unusual SELECT/UPDATE statements
WAF/IPS alerts for SQL injection patterns targeting the endpoint
Anomalous data access or export patterns from the OA backend

Mitigation and prioritisation

Apply vendor patch when available; verify fix in staging first
Enforce parameterised queries and rigorous input validation; disable dynamic SQL
Implement or tighten WAF/IPS rules to block SQLi patterns on the endpoint
Restrict exposure: require VPN/MDM controls or move to private network, limit internet access
Enhance monitoring: log and alert on anomalous ID usage and DB query anomalies
Change-management: schedule a rapid deployment window with rollback plan; communicate to stakeholders.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: CVE, cve-2025-9669, jinher, oa, OSINT, threatintel