CVE-2025-15492

Summary

A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
RainyGaoDocSys2.02.0affected
RainyGaoDocSys2.02.1affected
RainyGaoDocSys2.02.2affected
RainyGaoDocSys2.02.3affected
RainyGaoDocSys2.02.4affected
RainyGaoDocSys2.02.5affected
RainyGaoDocSys2.02.6affected
RainyGaoDocSys2.02.7affected
RainyGaoDocSys2.02.8affected
RainyGaoDocSys2.02.9affected
RainyGaoDocSys2.02.10affected
RainyGaoDocSys2.02.11affected
RainyGaoDocSys2.02.12affected
RainyGaoDocSys2.02.13affected
RainyGaoDocSys2.02.14affected
RainyGaoDocSys2.02.15affected
RainyGaoDocSys2.02.16affected
RainyGaoDocSys2.02.17affected
RainyGaoDocSys2.02.18affected
RainyGaoDocSys2.02.19affected
RainyGaoDocSys2.02.20affected
RainyGaoDocSys2.02.21affected
RainyGaoDocSys2.02.22affected
RainyGaoDocSys2.02.23affected
RainyGaoDocSys2.02.24affected
RainyGaoDocSys2.02.25affected
RainyGaoDocSys2.02.26affected
RainyGaoDocSys2.02.27affected
RainyGaoDocSys2.02.28affected
RainyGaoDocSys2.02.29affected
RainyGaoDocSys2.02.30affected
RainyGaoDocSys2.02.31affected
RainyGaoDocSys2.02.32affected
RainyGaoDocSys2.02.33affected
RainyGaoDocSys2.02.34affected
RainyGaoDocSys2.02.35affected
RainyGaoDocSys2.02.36affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References