CVE-2025-11911 identifies a SQL injection vulnerability in Shenzhen Ruiming Technology's Streamax Crocus software, specifically version 1.3.40. The vulnerability resides in the Query function accessed via the /DeviceFault.do?Action=Query endpoint. The parameter sortField is vulnerable due to insufficient input validation or sanitization, allowing an attacker to inject arbitrary SQL commands. This flaw can be exploited remotely without requiring authentication or user interaction, making it accessible to a wide range of attackers. The injection can lead to unauthorized retrieval, modification, or deletion of database records, potentially compromising confidentiality, integrity, and availability of the system's data. The CVSS 4.0 score is 5.3 (medium), reflecting the moderate impact and ease of exploitation without privileges. The vendor was contacted early but has not issued a patch or mitigation guidance, and a public exploit has been released, increasing the risk of exploitation. The affected product is used primarily in video surveillance and security management, which may involve sensitive operational data. The lack of vendor response and public exploit availability necessitate immediate defensive measures by users.

For European organizations, the impact of CVE-2025-11911 can be significant, especially for those relying on Streamax Crocus for security and surveillance operations. Exploitation could lead to unauthorized access to sensitive surveillance data, manipulation of device fault records, or disruption of monitoring services. This could compromise physical security, violate data protection regulations such as GDPR, and damage organizational reputation. Critical infrastructure operators using this product may face operational disruptions or data breaches. The remote, unauthenticated nature of the exploit increases the attack surface, potentially allowing attackers to pivot into broader network segments. The absence of vendor patches and public exploit code heightens the urgency for European entities to implement mitigations to prevent data leakage or service interruptions.

1. Immediately restrict network access to the /DeviceFault.do?Action=Query endpoint using network segmentation and firewall rules to limit exposure to trusted management networks only. 2. Deploy and configure Web Application Firewalls (WAFs) with specific SQL injection detection and blocking rules tailored to the sortField parameter and related query patterns. 3. Conduct thorough logging and monitoring of all requests to the vulnerable endpoint to detect anomalous or suspicious input patterns indicative of SQL injection attempts. 4. If possible, disable or temporarily remove the vulnerable functionality until a patch or official fix is available. 5. Engage with Shenzhen Ruiming Technology for updates or patches and monitor vulnerability databases for new developments. 6. Consider application-layer input validation or proxy filtering to sanitize inputs before they reach the backend. 7. Review and harden database permissions to minimize the impact of any successful injection, ensuring least privilege principles are enforced. 8. Plan for migration or replacement of Streamax Crocus if vendor support remains absent.