CVE-2025-2358

Name of the Vulnerable Software and Affected Versions Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System version 1.0

Description A critical issue affects the HTTP Header Handler component, specifically the file /Kfxt/Service.asmx. The manipulation of the X-Forwarded-For argument leads to SQL injection. This issue may be exploited remotely. The exploit has been disclosed publicly, and the vendor was contacted but did not respond.

Recommendations As a temporary workaround, consider restricting access to the /Kfxt/Service.asmx endpoint until a patch is available. Avoid using the X-Forwarded-For argument in the affected HTTP Header Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.