What is CVE-2025-0214?

A low-severity SQL injection vulnerability exists in TMD Custom Header Menu on OpenCart. Organizations are advised to upgrade the affected component to mitigate risks.

What is the severity of CVE-2025-0214?

CVE-2025-0214 has a severity rating of LOW with a CVSS base score of 2.1.

CVE-2025-0214 | Low Vulnerability in TMD Custom Header Menu

A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenu_id leads to SQL injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Vulnerability Details

This vulnerability allows SQL injection through the argument headermenu_id in the /admin/index.php file of TMD Custom Header Menu 4.0.0.1. The CVSS score is 2.1, which classifies it as low severity. Organizations should be aware that while the attack complexity is high, the potential for exploitation exists.

Technical Analysis

The root cause of this vulnerability stems from improper handling of user input in the headermenu_id parameter. Attackers may exploit this through network means, as the attack vector is classified as NETWORK. The attack complexity is high, requiring elevated privileges to execute successfully. No user interaction is required, which increases the risk.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data through SQL injection. Although the CVSS score indicates low severity, the high attack complexity means that exploitation, while difficult, could still occur under certain circumstances.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to vendor patch.

Mitigation & Remediation

Organizations should upgrade to the latest version of TMD Custom Header Menu to mitigate this vulnerability. Regular security assessments such as penetration testing should also be conducted to identify and resolve any similar weaknesses.

Detection Guidance

Monitoring logs for unusual database queries and behavioral anomalies can help detect potential exploitation attempts. Additionally, implement network signatures that can flag unexpected requests to /admin/index.php.

AppSecure Threat Intelligence Insight

This vulnerability highlights the importance of secure coding practices, particularly regarding user input validation. Organizations should consider resources such as vulnerability management programs for proactive identification of issues. The trend of SQL injection remains prevalent, emphasizing the need for continuous education in secure coding. Further insights can be gained from penetration testing methodologies which can assist in fortifying application defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-0214: Low Vulnerability in TMD Custom Header Menu