CVE-2025-0791

Name of the Vulnerable Software and Affected Versions ESAFENET CDG V5

Description A critical issue has been found in ESAFENET CDG V5, affecting some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the flowId argument leads to SQL injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations ESAFENET CDG V5: Update the /sdDoneDetail.jsp file to properly sanitize the flowId argument to prevent SQL injection. Ensure that all user input is validated and escaped to prevent malicious data from being executed. Apply security patches or updates provided by the vendor, if available, to address the critical issue.