PT-2025-13804 · Unknown · Esafenet Cdg

Ziana

Published

2025-03-31

Updated

2025-03-31

CVE-2025-3003

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ESAFENET CDG version 3

Description A critical issue was found in the software, affecting an unknown function of the file /CDGServer3/UserAjax. The manipulation of the Username argument leads to SQL injection. It is possible to launch the attack remotely. The issue has been publicly disclosed.

Recommendations For ESAFENET CDG version 3, as a temporary workaround, consider restricting access to the /CDGServer3/UserAjax file to minimize the risk of exploitation. Avoid using the Username argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-3003

Affected Products

Esafenet Cdg

PT-2025-13804 · Unknown · Esafenet Cdg

CVE-2025-3003

Weakness Enumeration

Related Identifiers

Affected Products

References · 9