CVE-2025-1535: Baiyi Cloud Asset Management System admin.ticket.close.php sql injection
First published: Fri Feb 21 2025(Updated: )
A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticket_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Baiyi Cloud Asset Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1535?
CVE-2025-1535 has been classified as critical.
How do I fix CVE-2025-1535?
To fix CVE-2025-1535, it is recommended to apply security patches and updates provided by Baiyi for the Cloud Asset Management System.
What type of vulnerability is CVE-2025-1535?
CVE-2025-1535 is an SQL injection vulnerability.
Which software is affected by CVE-2025-1535?
CVE-2025-1535 affects the Baiyi Cloud Asset Management System version 8.142.100.161.
What part of the application does CVE-2025-1535 affect?
CVE-2025-1535 affects the file /wuser/admin.ticket.close.php.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/source
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/baiyi
- canonical/baiyi cloud asset management system