What is CVE-2025-1381?

A medium-severity SQL injection vulnerability exists in code-projects Real Estate Property Management System 1.0. Organizations should prioritize patching as exploitation may be possible remotely.

What is the severity of CVE-2025-1381?

CVE-2025-1381 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-1381 | Medium Vulnerability in code-projects Real Estate Property Management System

A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

This vulnerability allows attackers to manipulate SQL queries through the CityName parameter, potentially compromising the database. The severity level is medium, with a CVSS score of 5.3, indicating that while the attack complexity is low, the potential impact on confidentiality, integrity, and availability is also low.

Risk to organizations includes unauthorized access to sensitive data and potential data corruption. Given the ease of exploitation, organizations should address this vulnerability in their priority patch cycle.

No public exploit has been confirmed, and the vulnerability is not listed in the Known Exploitation Vulnerability (KEV) catalog. Nevertheless, organizations should remain vigilant and implement appropriate security measures.

Vulnerability Details

The vulnerability is classified as a SQL injection vulnerability, affecting the Real Estate Property Management System 1.0. The CVSS score of 5.3 indicates a medium severity level. The vulnerability was published on February 17, 2025, and is associated with CWE-89, which denotes the SQL injection issue.

Technical Analysis

The root cause of this vulnerability stems from insufficient input validation on the CityName parameter in the /ajax_city.php file. Attackers may exploit this flaw by injecting malicious SQL code into the input field, which can be executed by the database.

The attack vector is network-based, and the complexity is low, requiring only low privileges to execute. Additionally, no user interaction is required, making this vulnerability particularly concerning for systems using this management platform.

Risk & Impact Analysis

Real-world deployment risks associated with this vulnerability include data breaches and potential unauthorized access to sensitive information stored within the database. The blast radius could be significant, especially in environments where the affected system is utilized extensively.

Organizations should assess their exposure based on the CVSS score of 5.3 and prioritize remediation during their patching cycles. Given that the vulnerability is not included in the KEV catalog, organizations should maintain an active monitoring strategy.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

Affected product includes Real Estate Property Management System version 1.0. All versions prior to vendor patch are impacted.

Mitigation & Remediation

Organizations should prioritize patching immediately. For those unable to apply the patch, implementing input validation and sanitization for user inputs can mitigate risks. Additionally, network controls should be established to limit access to vulnerable components.

Continuous monitoring of logs and unusual activities will also help detect any attempts to exploit this vulnerability. More guidance can be found in the penetration testing services offered by AppSecure.

Detection Guidance

Monitor logs for SQL errors and any suspicious queries that utilize the CityName parameter. Additionally, abnormal application behavior should be tracked to detect potential exploitation attempts.

AppSecure Threat Intelligence Insight

This vulnerability is indicative of the ongoing issues associated with SQL injection vulnerabilities in web applications. Security teams should learn from this incident to enhance their defenses against similar attacks.

For increased resilience, organizations should adopt a comprehensive penetration testing methodology and regularly audit their web applications for vulnerabilities.

Organizations should also consider implementing a vulnerability management program to systematically address and remediate vulnerabilities as they arise.

Finally, organizations should evaluate their security posture through web application penetration testing to ensure all aspects of their applications are secure.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1381: Medium Vulnerability in code-projects Real Estate Property Management System