CVE-2025-3400

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5.6.3.154.205 20250114

Description: A critical issue was found in the file /client/UnChkMailApplication.jsp, allowing for SQL injection through the manipulation of the typename argument. This can be initiated remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations: For version 5.6.3.154.205 20250114, as a temporary workaround, consider restricting access to the /client/UnChkMailApplication.jsp file to minimize the risk of exploitation. Avoid using the typename argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.