CVE-2025-0793

Name of the Vulnerable Software and Affected Versions ESAFENET CDG version V5

Description A critical issue has been found in an unknown functionality of the file "/todoDetail.jsp". The manipulation of the flowId argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations ESAFENET CDG version V5: Update the "/todoDetail.jsp" file to properly sanitize the flowId argument and prevent SQL injection attacks. Ensure that all user input is validated and escaped to prevent malicious SQL code execution.