
CVE-2025-53122: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in The OpenNMS Group Horizon

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-53122, cve, cve-2025-53122, cwe-89
Published: Thu Jun 26 2025 (06/26/2025, 19:49:43 UTC)
Source: CVE Database V5
Vendor/Project: The OpenNMS Group
Product: Horizon

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

AI-Powered Analysis

Last updated: 06/26/2025, 20:20:06 UTC

Technical Analysis

CVE-2025-53122 is a medium-severity SQL Injection vulnerability (CWE-89) identified in The OpenNMS Group's Horizon and Meridian network management applications. The flaw arises from improper neutralization of special elements in SQL commands, allowing an attacker with low privileges (PR:L) and adjacent-network access (AV:A) to inject malicious SQL code without requiring user interaction (UI:N). The vulnerability affects versions Horizon 33.0.8 and earlier, and Meridian 25.2.1 and earlier. Exploitation could lead to high confidentiality impact (VC:H), as attackers may extract sensitive data from the backend database. Integrity and availability impacts are rated none (VI:N, VA:N), indicating limited or no ability to modify or disrupt data or services. Because the software is intended for private networks and not for direct exposure to the Internet, exploitation is expected to originate from within an organization's private network. The CVSS 4.0 vector (AV:A/AC:L/PR:L/UI:N/VC:H/VI:N/VA:N) reflects these conditions. No known exploits are currently reported in the wild. Users are advised to upgrade to Meridian 2024.2.6 or Horizon 33.16 or newer to remediate the issue. The vulnerability underscores the importance of secure coding practices in network management tools, which often hold critical infrastructure data and configurations.

Potential Impact

For European organizations, this vulnerability poses a significant risk primarily to internal network security. OpenNMS Horizon and Meridian are used for network monitoring and management, often holding sensitive operational data and configuration details. Successful exploitation could lead to unauthorized data disclosure, potentially exposing network topology, device credentials, or other sensitive information. This could facilitate further lateral movement or targeted attacks within the network. Although the vulnerability does not directly impact availability or integrity, the confidentiality breach alone can have severe consequences, including compliance violations under GDPR if personal or sensitive data is exposed. Since the software is intended for private network deployment, the risk is heightened if internal network segmentation or access controls are weak. European organizations with complex network infrastructures relying on OpenNMS products must consider this vulnerability critical to their internal security posture.

Mitigation Recommendations

1. Immediate upgrade to Meridian 2024.2.6 or Horizon 33.16 or later versions as recommended by the vendor to ensure the vulnerability is patched.
2. Restrict network access to OpenNMS management interfaces strictly to trusted administrative hosts and segments using firewall rules and network segmentation to minimize exposure.
3. Implement strong internal access controls and monitoring to detect anomalous queries or access patterns that may indicate exploitation attempts.
4. Conduct regular code audits and penetration testing focusing on SQL injection vectors within custom or third-party network management tools.
5. Employ database-level protections such as least privilege principles for the OpenNMS database user accounts to limit data exposure in case of injection.
6. Use Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) tuned to detect SQL injection patterns within internal network traffic.
7. Educate network and security teams about the risks of internal-facing vulnerabilities and the importance of patch management even for non-internet-facing systems.


Technical Details

Data Version: 5.1
Assigner Short Name: OpenNMS
Date Reserved: 2025-06-26T17:52:58.600Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 685da7e9ca1063fb8748af04

Added to database: 6/26/2025, 8:04:57 PM

Last enriched: 6/26/2025, 8:20:06 PM

Last updated: 8/13/2025, 3:41:36 AM
