CVE-2025-15494

Summary

A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
RainyGaoDocSys2.02.0affected
RainyGaoDocSys2.02.1affected
RainyGaoDocSys2.02.2affected
RainyGaoDocSys2.02.3affected
RainyGaoDocSys2.02.4affected
RainyGaoDocSys2.02.5affected
RainyGaoDocSys2.02.6affected
RainyGaoDocSys2.02.7affected
RainyGaoDocSys2.02.8affected
RainyGaoDocSys2.02.9affected
RainyGaoDocSys2.02.10affected
RainyGaoDocSys2.02.11affected
RainyGaoDocSys2.02.12affected
RainyGaoDocSys2.02.13affected
RainyGaoDocSys2.02.14affected
RainyGaoDocSys2.02.15affected
RainyGaoDocSys2.02.16affected
RainyGaoDocSys2.02.17affected
RainyGaoDocSys2.02.18affected
RainyGaoDocSys2.02.19affected
RainyGaoDocSys2.02.20affected
RainyGaoDocSys2.02.21affected
RainyGaoDocSys2.02.22affected
RainyGaoDocSys2.02.23affected
RainyGaoDocSys2.02.24affected
RainyGaoDocSys2.02.25affected
RainyGaoDocSys2.02.26affected
RainyGaoDocSys2.02.27affected
RainyGaoDocSys2.02.28affected
RainyGaoDocSys2.02.29affected
RainyGaoDocSys2.02.30affected
RainyGaoDocSys2.02.31affected
RainyGaoDocSys2.02.32affected
RainyGaoDocSys2.02.33affected
RainyGaoDocSys2.02.34affected
RainyGaoDocSys2.02.35affected
RainyGaoDocSys2.02.36affected
RainyGaoDocSys2.02.37affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References