CVE-2025-70397: n/a
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
AI Analysis
Technical Summary
CVE-2025-70397 is a SQL Injection vulnerability in jizhicms version 2.5.6, a PHP content management system. The flaw is in the Article/deleteAll and Extmolds/deleteAll backend actions, where the 'data' parameter is passed into a SQL statement without proper validation or parameterization, so an attacker who can reach those actions can change the query that the server executes. The CVSS 3.1 vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) yields a base score of 8.8 (High): the attack is network-reachable, low in complexity and needs no user interaction, but PR:L means the attacker must hold an authenticated account that is allowed to invoke the delete actions. Successful exploitation can lead to compromise of the database within the privileges of the application's database user, including unauthorized data disclosure (confidentiality), data modification or deletion (integrity), and denial of service through destructive or resource-intensive queries (availability). No public exploit was reported at the time of publication, but SQL injection in a CMS's data-access layer is routinely weaponized, and no patch was available either, which increases the urgency of interim mitigations. The weakness is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). Organizations running jizhicms 2.5.6 should assess their exposure promptly and apply compensating controls until a fixed release is available.
Potential Impact
For European organizations, this vulnerability puts the confidentiality, integrity, and availability of CMS data at risk. Exploitation could expose sensitive content and user records, alter or delete website data, and disrupt services hosted on jizhicms, with the usual consequences of reputational damage, regulatory exposure under GDPR if personal data is breached, and operational downtime. Any organization running jizhicms, for example in government, education, media, or e-commerce, is exposed. Because the attack is remote and needs only a low-privileged account, a single compromised or malicious backend login is enough, and, depending on the database user's privileges, an attacker could go on to read or modify other tables or exfiltrate data. The absence of known exploits in the wild provides a window for proactive defense, but the high severity warrants prompt action.
Mitigation Recommendations
1. Immediately restrict access to the Article/deleteAll and Extmolds/deleteAll actions (ideally the whole backend) by IP allow-listing or network segmentation. Since exploitation requires an authenticated account, also review which accounts can reach these actions and remove any that do not need them.
2. Deploy a web application firewall (WAF) with rules that detect and block SQL Injection attempts in the 'data' parameter of these requests. Because deleteAll actions presumably take record identifiers, a narrow interim rule that rejects any 'data' value which is not a comma-separated list of integers is far more precise than generic signatures.
3. The code-level fix is to validate that every element of 'data' has the expected type (for example, an integer ID) and to bind the values as query parameters (prepared statements) rather than concatenating them into the SQL string; sanitization alone is not a substitute.
4. Monitor web server and database logs for requests to these actions whose 'data' value contains SQL syntax (quotes, parentheses, comment markers, keywords) and for bursts of malformed or failing requests, which indicate probing.
5. Track the jizhicms project for a fixed release and upgrade as soon as one is published.
6. Perform regular security audits and penetration testing focusing on injection flaws in the backend.
7. Train developers and administrators on secure coding practices, in particular parameterized queries and input validation, to prevent similar vulnerabilities in future releases.
8. If feasible, temporarily disable the affected actions until a patch is applied.
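To make the CWE-89 pattern from the technical summary and the fix in item 3 concrete, here is an added example that is not jizhicms code and not part of the original advisory: a deleteAll-style handler that splices the request's 'data' parameter into a WHERE ... IN clause, next to a hardened version of the same handler that allow-lists each element as an integer ID and binds the values as parameters. SQLite stands in for the real database; the table name, the assumption that 'data' is a comma-separated list of integer IDs, and the injection payload in demo() are all constructed for the example rather than taken from the advisory.

```python
# Added example, not jizhicms code. Shows the CWE-89 pattern behind a
# deleteAll-style action and the hardened version of the same handler.
# Assumptions (not from the advisory): a table named "article", a "data"
# parameter that should be a comma-separated list of integer ids, and the
# constructed payload used in demo(). SQLite stands in for the real database.
import re
import sqlite3

INT_ID_RE = re.compile(r"\d{1,10}")


def make_db() -> sqlite3.Connection:
    """Constructed sample table with four rows, standing in for a CMS table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)")
    con.executemany("INSERT INTO article VALUES (?, ?)",
                    [(1, "a"), (2, "b"), (3, "c"), (4, "d")])
    con.commit()
    return con


def delete_all_vulnerable(con: sqlite3.Connection, data: str) -> int:
    """Vulnerable: the raw request parameter is spliced into the statement,
    so anything after the first id is executed as SQL."""
    cur = con.execute(f"DELETE FROM article WHERE id IN ({data})")
    con.commit()
    return cur.rowcount


def delete_all_hardened(con: sqlite3.Connection, data: str) -> int:
    """Hardened: allow-list every element as an integer id, then bind the
    values with one placeholder per id. Anything else is rejected."""
    parts = [p.strip() for p in data.split(",")]
    if not all(INT_ID_RE.fullmatch(p) for p in parts):
        raise ValueError("data must be a comma-separated list of integer ids")
    placeholders = ",".join("?" for _ in parts)
    cur = con.execute(f"DELETE FROM article WHERE id IN ({placeholders})",
                      [int(p) for p in parts])
    con.commit()
    return cur.rowcount


def row_count(con: sqlite3.Connection) -> int:
    return con.execute("SELECT COUNT(*) FROM article").fetchone()[0]


def demo() -> tuple:
    """Run a constructed payload through both handlers.

    Returns (rows left after the vulnerable handler, whether the hardened
    handler rejected the payload, rows left after the hardened handler,
    rows left after a legitimate hardened delete of ids 1 and 3)."""
    # Constructed payload: closes IN(), adds OR 1=1, comments out the rest.
    payload = "1) OR 1=1 -- "
    con = make_db()
    delete_all_vulnerable(con, payload)  # runs ... IN (1) OR 1=1 -- ) and deletes every row
    left_vuln = row_count(con)
    con = make_db()
    try:
        delete_all_hardened(con, payload)
        rejected = False
    except ValueError:
        rejected = True
    left_hard = row_count(con)
    delete_all_hardened(con, "1, 3")    # legitimate request removes exactly two rows
    return left_vuln, rejected, left_hard, row_count(con)


if __name__ == "__main__":
    print(demo())
```

The payload deletes the whole table through the vulnerable handler because the database sees `IN (1) OR 1=1` followed by a comment; the hardened handler never reaches the database because `1) OR 1=1 -- ` is not an integer. The same shape of fix applies to any framework's query builder: validate the type first, then bind, and never build the `IN (...)` list by string concatenation.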
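For the monitoring in item 4, and as a starting point for the narrow WAF rule in item 2, here is an added example that is not part of the page or of jizhicms: it scans web server access-log lines for requests to the two deleteAll actions and flags any whose 'data' parameter, once URL-decoded, is not a plain comma-separated list of integer IDs. The log lines, the /admin.php/Controller/action URL layout and the expected shape of 'data' are constructed assumptions for the example, not details from the advisory.

```python
# Added example, not jizhicms code. Flags access-log requests to the two
# deleteAll actions whose "data" parameter is not a plain list of integer ids.
# Assumptions (not from the advisory): Combined Log Format lines, an
# /admin.php/<Controller>/<action> URL layout, and ids passed in the query
# string. The SAMPLE_LOG lines are constructed for this example.
import re
from urllib.parse import parse_qs, urlsplit

SAMPLE_LOG = """\
203.0.113.7 - - [18/Feb/2026:08:18:05 +0000] "POST /admin.php/Article/deleteAll?data=12,13 HTTP/1.1" 200 71 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Feb/2026:08:18:09 +0000] "POST /admin.php/Extmolds/deleteAll?data=3 HTTP/1.1" 200 71 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Feb/2026:08:19:40 +0000] "GET /admin.php/Article/deleteAll?data=1)%20OR%201%3D1%20--%20 HTTP/1.1" 200 71 "-" "python-requests/2.31"
198.51.100.9 - - [18/Feb/2026:08:19:41 +0000] "GET /admin.php/Article/deleteAll?data=1)%20AND%20SLEEP(5)%20--%20 HTTP/1.1" 200 71 "-" "python-requests/2.31"
203.0.113.7 - - [18/Feb/2026:08:20:02 +0000] "GET /index.php/Article/index?page=2 HTTP/1.1" 200 4032 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
DELETE_ALL_RE = re.compile(r"/(?:Article|Extmolds)/deleteAll\b", re.IGNORECASE)
ID_LIST_RE = re.compile(r"\d+(?:,\d+)*")


def suspicious_delete_requests(log_text: str) -> list:
    """Return (ip, timestamp, decoded data value) for each deleteAll request
    whose data parameter contains anything beyond digits, commas and spaces."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than crash
        url = urlsplit(m["target"])
        if not DELETE_ALL_RE.search(url.path):
            continue
        # parse_qs URL-decodes, so "%20OR%201%3D1" becomes " OR 1=1"
        for value in parse_qs(url.query, keep_blank_values=True).get("data", []):
            if not ID_LIST_RE.fullmatch(value.replace(" ", "")):
                hits.append((m["ip"], m["ts"], value))
    return hits


def offending_ips(log_text: str) -> dict:
    """Count flagged requests per source address, for blocking or triage."""
    counts = {}
    for ip, _, _ in suspicious_delete_requests(log_text):
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in suspicious_delete_requests(SAMPLE_LOG):
        print(hit)
    print(offending_ips(SAMPLE_LOG))
```

The check is an allow-list on the expected shape of 'data' rather than a block-list of SQL keywords, so it also catches payloads the signatures do not know. Its limit is the log source: only query strings appear in a standard access log, so if the CMS accepts 'data' in a POST body the same test has to run in the application or WAF layer, where the body is visible.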
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-01-09T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699575bd80d747be20537850
Added to database: 2/18/2026, 8:18:05 AM
Last enriched: 2/18/2026, 8:29:48 AM
Last updated: 2/21/2026, 12:16:01 AM
Views: 24
Related Threats
- CVE-2026-27203: CWE-15: External Control of System or Configuration Setting in YosefHayim ebay-mcp (High)
- CVE-2026-27168: CWE-122: Heap-based Buffer Overflow in HappySeaFox sail (High)
- CVE-2026-27134: CWE-287: Improper Authentication in strimzi strimzi-kafka-operator (High)
- CVE-2026-27190: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in denoland deno (High)
- CVE-2026-27026: CWE-770: Allocation of Resources Without Limits or Throttling in py-pdf pypdf (Medium)