CVE-2025-5697: SQL Injection in Brilliance Golden Link Secondary System
A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcCustDeferPosiQuery.htm. The manipulation of the argument custTradeId leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-5697 is a medium-severity SQL Injection vulnerability identified in the Brilliance Golden Link Secondary System, specifically affecting versions up to 20250424. The vulnerability arises from improper sanitization or validation of the 'custTradeId' parameter within the /reprotframework/tcCustDeferPosiQuery.htm endpoint. An attacker can remotely exploit this flaw by manipulating the 'custTradeId' argument to inject malicious SQL code, potentially altering the backend database queries executed by the system. The vulnerability does not require user interaction or authentication, and the attack vector is network-based, making it accessible to remote attackers. The CVSS 4.0 vector indicates low complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and limited impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). Although the CVSS score is 5.3 (medium), the vulnerability's exploitation could allow unauthorized data access or modification, depending on the database and application context. No public exploits are currently known in the wild, and no patches have been linked yet. The vulnerability was publicly disclosed on June 5, 2025, shortly after its reservation date, indicating recent discovery and potential for emerging exploit attempts.
Potential Impact
For European organizations using the Brilliance Golden Link Secondary System, this vulnerability poses a risk of unauthorized access to sensitive data stored in backend databases. The SQL Injection could lead to data leakage, unauthorized data modification, or disruption of service if exploited. Given the system's likely role in business or financial operations (implied by the 'custTradeId' parameter), exploitation could impact data integrity and confidentiality, potentially affecting compliance with GDPR and other data protection regulations. The medium severity suggests that while the risk is notable, exploitation may not lead to full system compromise or widespread availability disruption. However, the lack of authentication requirement increases the attack surface, making remote exploitation feasible without insider access. Organizations may face reputational damage, regulatory fines, and operational disruptions if the vulnerability is exploited. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as exploit code may emerge following public disclosure.
Mitigation Recommendations
European organizations should prioritize the following specific mitigation steps:
1) Immediately audit and monitor all instances of the Brilliance Golden Link Secondary System to identify affected versions (up to 20250424).
2) Implement strict input validation and parameter sanitization on the 'custTradeId' parameter and any other user-supplied inputs, employing parameterized queries or prepared statements to prevent SQL Injection.
3) Apply any vendor-released patches or updates as soon as they become available; if no official patch exists, consider temporary mitigations such as web application firewalls (WAFs) configured to detect and block SQL Injection patterns targeting the vulnerable endpoint.
4) Conduct thorough logging and monitoring of database queries and application logs to detect anomalous activities indicative of exploitation attempts.
5) Restrict network access to the vulnerable endpoint where feasible, limiting exposure to trusted networks or VPNs.
6) Educate development and security teams about secure coding practices to prevent similar vulnerabilities in future releases.
7) Prepare incident response plans tailored to SQL Injection attacks to enable rapid containment and remediation if exploitation occurs.
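One way to carry out the log monitoring recommended above is the added example below (not vendor or advisory code), which scans web access logs for requests to the affected endpoint whose custTradeId value falls outside an allow-list. Assumptions: logs are in common/combined log format, the parameter arrives in the query string, and legitimate IDs are short alphanumeric tokens; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

ENDPOINT = "/reprotframework/tcCustDeferPosiQuery.htm"  # path named in the advisory
PARAM = "custTradeId"                                   # parameter named in the advisory
# Assumption: real IDs are short alphanumeric tokens; tune to production data.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is judged in clear form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return one finding per request to ENDPOINT with an out-of-policy PARAM."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        path = url.path.split(";", 1)[0]          # drop ;jsessionid=... suffixes
        if path.lower() != ENDPOINT.lower():
            continue
        raw = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        decoded = [fully_decode(v) for v in raw]
        invalid = [v for v in decoded if not ALLOWED.fullmatch(v)]
        if invalid or len(raw) > 1:               # repeated parameter is also unusual
            findings.append({"ip": m["ip"], "time": m["ts"],
                             "status": int(m["status"]), "values": decoded})
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jun/2025:10:00:01 +0000] "GET /reprotframework/tcCustDeferPosiQuery.htm?custTradeId=CT20250424 HTTP/1.1" 200 512',
    '203.0.113.9 - - [05/Jun/2025:10:00:05 +0000] "GET /reprotframework/tcCustDeferPosiQuery.htm?custTradeId=CT1%27%20-- HTTP/1.1" 500 87',
    '203.0.113.9 - - [05/Jun/2025:10:00:06 +0000] "GET /reprotframework/tcCustDeferPosiQuery.htm?custTradeId=CT1%2527 HTTP/1.1" 200 512',
    '198.51.100.4 - - [05/Jun/2025:10:00:09 +0000] "GET /index.htm?custTradeId=%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Requests that send the parameter in a POST body do not appear in standard access logs, so pair this with application or database query logging where that applies.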
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-04T20:29:06.821Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68420f89182aa0cae2f2232b
Added to database: 6/5/2025, 9:43:37 PM
Last enriched: 7/7/2025, 5:13:13 PM
Last updated: 8/4/2025, 2:16:30 PM