CVE-2025-0792

Name of the Vulnerable Software and Affected Versions ESAFENET CDG V5

Description A critical issue was found in an unknown function of the file /sdTodoDetail.jsp, where the manipulation of the flowId argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations ESAFENET CDG V5: Update the /sdTodoDetail.jsp file to properly sanitize the flowId argument to prevent SQL injection attacks. Ensure that all user input is validated and escaped to prevent malicious SQL code execution. Apply security patches or updates provided by the vendor, if available, to fix the issue.