CVE-2025-15494

Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions up to 2.02.37

Description A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in an unknown function within the file com/DocSystem/mapping/UserMapper.xml. Manipulating the Username argument can lead to a successful attack, which can be initiated remotely. The exploit for this issue has been publicly disclosed, and the vendor was notified but did not respond.

Recommendations Versions prior to 2.02.37 should be updated. As a temporary workaround, restrict or carefully validate the Username input to prevent malicious SQL code injection.