CVE-2025-1535

Name of the Vulnerable Software and Affected Versions Baiyi Cloud Asset Management System version 8.142.100.161

Description A critical issue was found in the Baiyi Cloud Asset Management System, affecting an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the ticket id argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For Baiyi Cloud Asset Management System version 8.142.100.161, as a temporary workaround, consider restricting access to the /wuser/admin.ticket.close.php file until a patch is available. Avoid using the ticket id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.