CVE-2025-11629 identifies a SQL injection vulnerability in the RainyGao DocSys product, specifically in the getUserList function located in the /Manage/getUserList.do endpoint. This vulnerability affects all versions up to 2.02.36. The issue arises from improper sanitization or validation of user-supplied input, allowing an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. The vulnerability can be exploited by sending crafted requests to the vulnerable endpoint, which manipulates the underlying SQL query executed by the application. This can lead to unauthorized access to sensitive data, modification or deletion of database records, and potentially disruption of service. The CVSS 4.0 base score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges or user interaction required, but limited impact on confidentiality, integrity, and availability. The vendor was notified early but has not responded or issued patches, increasing the risk for organizations still running vulnerable versions. No known exploits are currently active in the wild, but public disclosure means attackers could develop exploits at any time. The vulnerability is critical to address in environments where DocSys manages sensitive or regulated data.

For European organizations, the SQL injection vulnerability in RainyGao DocSys poses significant risks including unauthorized data disclosure, data tampering, and potential service disruption. Organizations in sectors such as government, finance, healthcare, and legal services that rely on document management systems are particularly vulnerable to data breaches and compliance violations under GDPR. Exploitation could lead to exposure of personal data or intellectual property, damaging reputation and incurring regulatory penalties. The remote and unauthenticated nature of the vulnerability increases the attack surface, especially for internet-facing installations. Lack of vendor response and patches means organizations must rely on internal mitigations, increasing operational burden. Additionally, attackers could leverage this vulnerability as a foothold for further network compromise. The medium severity score suggests moderate but non-trivial impact, warranting prompt attention to prevent escalation.

1. Immediately audit all RainyGao DocSys instances to identify affected versions (up to 2.02.36). 2. Implement input validation and sanitization for the getUserList function, replacing vulnerable SQL queries with parameterized queries or prepared statements to prevent injection. 3. If source code modification is not feasible, deploy web application firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting /Manage/getUserList.do. 4. Restrict network access to the DocSys management interface, limiting exposure to trusted internal networks or VPNs. 5. Monitor logs for suspicious query patterns or repeated access attempts to the vulnerable endpoint. 6. Establish compensating controls such as database user privilege restrictions to minimize damage from potential exploitation. 7. Engage with the vendor for updates or patches and subscribe to threat intelligence feeds for emerging exploit information. 8. Conduct penetration testing focused on SQL injection vectors to verify mitigation effectiveness. 9. Educate IT and security teams about this vulnerability and response procedures. 10. Plan for eventual upgrade or replacement of the affected software if vendor support remains absent.