CVE-2025-7888

Name of the Vulnerable Software and Affected Versions TDuckCloud tduck-platform version 5.1

Description A critical issue exists in TDuckCloud tduck-platform 5.1 related to SQL injection. The UserFormDataMapper function within the src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java file is susceptible to exploitation through manipulation of the formKey argument. This attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations As a temporary workaround, consider restricting or disabling the use of the UserFormDataMapper function until a patch is available.