CVE-2025-11310 identifies a SQL injection vulnerability in version 1.0 of the Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System (天锐数据泄露防护系统). The vulnerability resides in the findFileServerPage.do endpoint, specifically within the findFileServerPage function. An attacker can manipulate the 'sort' parameter to inject malicious SQL commands, enabling unauthorized database queries or modifications. This attack vector requires no authentication or user interaction and can be executed remotely over the network. The SQL injection could lead to unauthorized data disclosure, data tampering, or denial of service by corrupting database integrity or exhausting resources. The vendor was notified but has not issued any patches or advisories, and no known exploits have been observed in the wild yet, although proof-of-concept exploits are publicly available. The vulnerability has a CVSS 4.0 base score of 6.9, reflecting medium severity due to its network attack vector, lack of required privileges, and potential impact on confidentiality, integrity, and availability. The absence of vendor response increases risk as organizations must rely on defensive controls and mitigations. This vulnerability is critical for organizations relying on this DLP system to protect sensitive data, as exploitation could bypass data protection controls and expose confidential information.

For European organizations, exploitation of CVE-2025-11310 could result in significant data breaches, exposing sensitive corporate or personal data protected by the Data Leakage Prevention system. This undermines compliance with GDPR and other data protection regulations, potentially leading to legal penalties and reputational damage. Integrity of stored data could be compromised, affecting business operations and decision-making. Availability impacts may arise if attackers corrupt database contents or disrupt system functionality, causing downtime or degraded service. Since the vulnerability requires no authentication and can be exploited remotely, attackers can launch automated attacks at scale, increasing risk. Organizations in sectors such as finance, healthcare, and government, which often deploy DLP solutions, are particularly vulnerable. The lack of vendor patches forces reliance on compensating controls, increasing operational complexity and risk exposure. Overall, the vulnerability threatens confidentiality, integrity, and availability of critical data protection infrastructure in European enterprises.

Given the absence of vendor patches, European organizations should implement immediate compensating controls. First, apply strict input validation and sanitization on all user-supplied parameters, especially the 'sort' argument, to block SQL injection payloads. Deploy Web Application Firewalls (WAFs) with custom rules targeting SQL injection patterns specific to this vulnerability. Monitor database query logs and application logs for unusual or anomalous queries indicative of exploitation attempts. Restrict network access to the affected endpoint to trusted IPs or internal networks where feasible. Conduct regular security assessments and penetration tests focusing on injection vulnerabilities. Consider isolating or segmenting the DLP system within the network to limit lateral movement if compromised. Maintain up-to-date backups of critical data to enable recovery in case of data corruption. Engage with the vendor for updates and monitor security advisories for patches or mitigations. Finally, educate security teams about this vulnerability to ensure rapid detection and response to potential exploitation attempts.