CVE-2025-11314

Name of the Vulnerable Software and Affected Versions Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 version 1.0

Description A flaw exists in the software that allows for remote code execution through SQL injection. The issue is located in the findRolePage function within the findSingConfigPage.do file. Manipulation of the sort argument can trigger the injection. The exploit for this issue has been publicly disclosed. The vendor was informed of the issue but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.