CVE-2025-0791: ESAFENET CDG sdDoneDetail.jsp sql injection
First published: Tue Jan 28 2025(Updated: )
A vulnerability, which was classified as critical, has been found in ESAFENET CDG V5. This issue affects some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gemalto SafeNet CDG |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0791?
CVE-2025-0791 has been classified as a critical vulnerability.
How does CVE-2025-0791 affect the ESAFENET CDG software?
CVE-2025-0791 affects the processing of the file /sdDoneDetail.jsp and can lead to SQL injection.
What type of attack can be executed using CVE-2025-0791?
An attacker may initiate a remote SQL injection attack through the manipulated argument flowId.
Is CVE-2025-0791 exploitable remotely?
Yes, CVE-2025-0791 can be exploited remotely, making it highly critical.
How can I mitigate the risks associated with CVE-2025-0791?
Mitigation of CVE-2025-0791 typically involves input validation and sanitization to prevent SQL injection.
- agent/title
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/description
- agent/softwarecombine
- agent/severity
- agent/author
- agent/source
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/esafenet
- canonical/gemalto safenet cdg