CVE-2025-3401

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5.6.3.154.205 20250114

Description: A critical issue has been found, affecting unknown code in the file /parameter/getLimitIPList.jsp. The manipulation of the noticeId argument leads to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations: For ESAFENET CDG version 5.6.3.154.205 20250114, as a temporary workaround, consider restricting access to the /parameter/getLimitIPList.jsp file or disabling the manipulation of the noticeId argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.