CVE-2024-25400: n/a in n/a
Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.
AI Analysis
Technical Summary
CVE-2024-25400 is reported as a critical SQL Injection vulnerability (CVSS 9.8) allegedly affecting Subrion CMS version 4.2.1 via the file ia.core.mysqli.php. SQL Injection (CWE-89) vulnerabilities allow attackers to manipulate backend SQL queries by injecting malicious input, potentially leading to unauthorized data access, data modification, or full system compromise. However, this particular vulnerability is disputed by multiple third parties because the referenced PHP file (ia.core.mysqli.php) only contains a class definition without any direct mechanism to accept external input, and the reportedly vulnerable method is not present in the file. This raises significant doubts about the validity of the vulnerability claim. No patch or vendor advisory is available, and no known exploits have been reported in the wild. The CVSS vector indicates the vulnerability is remotely exploitable over the network without authentication or user interaction, with high impact on confidentiality, integrity, and availability. Despite the high CVSS score, the lack of corroborating technical evidence and absence of exploit code suggest that this vulnerability may be a false positive or incorrectly reported. Subrion CMS is an open-source content management system used for website management, but its market share is relatively small compared to major CMS platforms. The dispute around the vulnerability means organizations should carefully verify their Subrion CMS installations and monitor for any official vendor updates or advisories before taking action.
Potential Impact
If this vulnerability were valid and exploitable, European organizations using Subrion CMS 4.2.1 could face severe risks including unauthorized data disclosure, data tampering, and potential full system compromise. This could lead to data breaches involving personal or sensitive information, disruption of website availability, and reputational damage. However, given the dispute over the vulnerability's existence and the absence of known exploits, the immediate impact is likely low. Organizations relying on Subrion CMS should remain vigilant but not assume imminent risk without further confirmation. The impact is also limited by the relatively low adoption of Subrion CMS in Europe compared to more widely used CMS platforms. Nonetheless, any successful SQL Injection in a CMS can be leveraged to pivot into internal networks or launch further attacks, so the potential impact remains significant if the vulnerability is real.
Mitigation Recommendations
1. Verify the use of Subrion CMS 4.2.1 within your environment and identify any instances of ia.core.mysqli.php. 2. Monitor official Subrion CMS channels and trusted vulnerability databases for any vendor patches or clarifications regarding CVE-2024-25400. 3. Conduct code reviews and penetration testing focused on SQL Injection vectors in your CMS deployment, especially if customizations or third-party plugins are used. 4. Employ Web Application Firewalls (WAFs) with SQL Injection detection rules to provide an additional layer of defense. 5. Restrict database user privileges to the minimum necessary to limit the impact of any potential injection. 6. Maintain regular backups and incident response plans to quickly recover from any compromise. 7. If possible, consider upgrading to a newer, supported CMS version or alternative platform with active security maintenance. 8. Stay informed through threat intelligence feeds for any emerging exploit activity related to this CVE.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
CVE-2024-25400: n/a in n/a
Description
Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.
AI-Powered Analysis
Technical Analysis
CVE-2024-25400 is reported as a critical SQL Injection vulnerability (CVSS 9.8) allegedly affecting Subrion CMS version 4.2.1 via the file ia.core.mysqli.php. SQL Injection (CWE-89) vulnerabilities allow attackers to manipulate backend SQL queries by injecting malicious input, potentially leading to unauthorized data access, data modification, or full system compromise. However, this particular vulnerability is disputed by multiple third parties because the referenced PHP file (ia.core.mysqli.php) only contains a class definition without any direct mechanism to accept external input, and the reportedly vulnerable method is not present in the file. This raises significant doubts about the validity of the vulnerability claim. No patch or vendor advisory is available, and no known exploits have been reported in the wild. The CVSS vector indicates the vulnerability is remotely exploitable over the network without authentication or user interaction, with high impact on confidentiality, integrity, and availability. Despite the high CVSS score, the lack of corroborating technical evidence and absence of exploit code suggest that this vulnerability may be a false positive or incorrectly reported. Subrion CMS is an open-source content management system used for website management, but its market share is relatively small compared to major CMS platforms. The dispute around the vulnerability means organizations should carefully verify their Subrion CMS installations and monitor for any official vendor updates or advisories before taking action.
Potential Impact
If this vulnerability were valid and exploitable, European organizations using Subrion CMS 4.2.1 could face severe risks including unauthorized data disclosure, data tampering, and potential full system compromise. This could lead to data breaches involving personal or sensitive information, disruption of website availability, and reputational damage. However, given the dispute over the vulnerability's existence and the absence of known exploits, the immediate impact is likely low. Organizations relying on Subrion CMS should remain vigilant but not assume imminent risk without further confirmation. The impact is also limited by the relatively low adoption of Subrion CMS in Europe compared to more widely used CMS platforms. Nonetheless, any successful SQL Injection in a CMS can be leveraged to pivot into internal networks or launch further attacks, so the potential impact remains significant if the vulnerability is real.
Mitigation Recommendations
1. Verify the use of Subrion CMS 4.2.1 within your environment and identify any instances of ia.core.mysqli.php. 2. Monitor official Subrion CMS channels and trusted vulnerability databases for any vendor patches or clarifications regarding CVE-2024-25400. 3. Conduct code reviews and penetration testing focused on SQL Injection vectors in your CMS deployment, especially if customizations or third-party plugins are used. 4. Employ Web Application Firewalls (WAFs) with SQL Injection detection rules to provide an additional layer of defense. 5. Restrict database user privileges to the minimum necessary to limit the impact of any potential injection. 6. Maintain regular backups and incident response plans to quickly recover from any compromise. 7. If possible, consider upgrading to a newer, supported CMS version or alternative platform with active security maintenance. 8. Stay informed through threat intelligence feeds for any emerging exploit activity related to this CVE.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-02-07T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fa1484d88663aec489
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 7/6/2025, 8:55:27 AM
Last updated: 8/7/2025, 6:37:27 PM
Views: 14
Related Threats
CVE-2025-55284: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in anthropics claude-code
HighCVE-2025-55286: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in vancluever z2d
HighCVE-2025-52621: CWE-346 Origin Validation Error in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52620: CWE-20 Improper Input Validation in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52619: CWE-209 Generation of Error Message Containing Sensitive Information in HCL Software BigFix SaaS Remediate
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.