What is CVE-2025-1168?

A medium-severity SQL injection vulnerability has been identified in Rems Contact Manager. Organizations are advised to address this vulnerability promptly to mitigate potential risks associated with data manipulation and exploitation.

What is the severity of CVE-2025-1168?

CVE-2025-1168 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-1168 | Medium Severity Vulnerability in Rems Contact Manager

A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been declared as critical, affecting unknown code of the file /endpoint/delete-contact.php. The manipulation of the argument contact leads to SQL injection, which can be initiated remotely. The exploit has been disclosed to the public and may be used. With a CVSS score of 5.3, this vulnerability is classified as medium severity, highlighting its potential impact on organizations.

Risk to organizations includes unauthorized access to sensitive data and the potential for further attacks if this vulnerability is exploited. Therefore, organizations should prioritize patching immediately.

The vulnerability affects the Rems Contact Manager software, which is used for managing contact information. Given the nature of the vulnerability and the potential for exploitation, it is essential for organizations to assess their exposure and take appropriate action.

As of now, there are no known public exploits available for this vulnerability, yet the critical nature of SQL injection vulnerabilities warrants immediate attention.

Vulnerability Details

The vulnerability exists in the Rems Contact Manager, specifically in the Export to VCF 1.0 version. It allows for SQL injection through the manipulation of the contact argument in the endpoint /endpoint/delete-contact.php. Officially, it has been categorized under CWE-89, which denotes SQL injection vulnerabilities. The CVSS score of 5.3 indicates a medium severity level, with low attack complexity and low privileges required for exploitation.

Technical Analysis

The root cause of this vulnerability lies in improper handling of user input within the affected endpoint, leading to SQL injection. Attackers can exploit this by sending crafted requests that manipulate SQL queries executed by the application. The attack vector is network-based, meaning that the attacker does not require physical access to the system. The attack complexity is low, and no user interaction is needed. The impacts on confidentiality, integrity, and availability are all classified as low.

Risk & Impact Analysis

Real-world deployment of this vulnerability could lead to significant risks, especially for organizations using the Rems Contact Manager for sensitive data management. The potential blast radius is substantial, as an attacker could manipulate data or gain unauthorized access to the database. Given the medium CVSS score, organizations should address this vulnerability in their priority patch cycle.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects the Rems Contact Manager with Export to VCF version 1.0. Organizations should ensure they are using the latest version to mitigate this risk. If no version information is available, it is recommended to assume that all versions prior to the vendor patch are affected.

Mitigation & Remediation

Organizations should prioritize updating their Rems Contact Manager to the latest version to remediate this vulnerability. In cases where immediate patching is not feasible, consider implementing input validation and sanitization measures to mitigate SQL injection risks. Additionally, it is advisable to restrict access to sensitive endpoints, monitor application logs for suspicious activities, and conduct regular security assessments. For more structured guidance, organizations can refer to comprehensive resources on penetration testing and remediation strategies.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual database queries, especially those involving the delete-contact.php endpoint. Behavioral anomalies, such as unexpected data modifications or deletions, should be investigated. Additionally, implementing network signatures that alert on suspicious access patterns can enhance detection capabilities.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its representation of common SQL injection risks in web applications. As organizations increasingly rely on contact management systems, understanding and defending against these vulnerabilities is crucial. Security teams should adopt a proactive approach by conducting regular security assessments and ensuring proper coding practices to prevent similar vulnerabilities. For more insights, organizations can explore our resources on vulnerability management programs, penetration testing methodologies, and API security testing best practices to enhance their security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1168: Medium Severity Vulnerability in Rems Contact Manager