CVE-2025-11310 identifies a SQL injection vulnerability in the Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System (DLP) version 1.0. The vulnerability resides in the findFileServerPage.do endpoint, specifically within the findFileServerPage function. Attackers can manipulate the 'sort' parameter to inject arbitrary SQL commands, enabling unauthorized access or modification of the backend database. The vulnerability is remotely exploitable without any authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 6.9 (medium), reflecting the ease of exploitation and potential impact on confidentiality, integrity, and availability, though the scope is limited to the affected system. The vendor was notified but has not issued any response or patch, and public exploit code is available, which could facilitate attacks. This DLP system is designed to prevent data leakage, so exploitation could undermine critical data protection controls, potentially exposing sensitive corporate or personal data. The lack of vendor response and patch availability necessitates immediate defensive measures by affected organizations.

For European organizations, the impact of this vulnerability is significant due to the critical role of DLP systems in safeguarding sensitive data and ensuring compliance with regulations such as GDPR. Exploitation could lead to unauthorized disclosure or alteration of confidential information, resulting in data breaches, regulatory penalties, reputational damage, and operational disruption. Since the vulnerability allows remote, unauthenticated exploitation, attackers could leverage it to bypass data protection controls, extract sensitive data, or corrupt data integrity. This risk is heightened in industries with stringent data protection requirements, such as finance, healthcare, and government. Additionally, the absence of vendor patches and the availability of public exploits increase the likelihood of attacks targeting European entities using this product.

1. Immediately restrict network access to the affected DLP system, limiting connections to trusted internal hosts and administrators only. 2. Implement web application firewalls (WAFs) with custom rules to detect and block suspicious SQL injection patterns targeting the 'sort' parameter in findFileServerPage.do. 3. Conduct thorough input validation and sanitization on all user-supplied parameters, especially 'sort', to prevent injection attacks. 4. Monitor logs and network traffic for unusual queries or access patterns indicative of exploitation attempts. 5. If possible, deploy temporary application-layer patches or filters to neutralize the injection vector until an official vendor patch is available. 6. Engage with the vendor for updates and consider alternative DLP solutions if remediation is delayed. 7. Educate security teams about this vulnerability and ensure incident response plans include detection and containment procedures for SQL injection attacks.