CVE-2025-24787: High Vulnerability in Clidey WhoDB

CVE-2025-24787 is a high-severity vulnerability identified in Clidey WhoDB, an open-source database management tool. This vulnerability allows parameter injection in database connection strings, enabling an attacker to read local files on the machine where the application is running. The issue arises from unsafe string concatenation used to build database connection URIs, which are passed to libraries responsible for establishing these connections.

The application does not properly escape or encode user input when constructing these URIs. This oversight allows users to inject arbitrary parameters, potentially leading to severe security implications. A particularly dangerous parameter is `allowAllFiles` in the MySQL driver library, which, if set to `true`, enables the execution of the `LOAD DATA LOCAL INFILE` query on any file on the host machine. By injecting `&allowAllFiles=true` into the connection URI and connecting to a MySQL server, possibly under an attacker’s control, an attacker can exploit this vulnerability to read local files.

The vulnerability was published on February 6, 2025, and has been classified with a CVSS score of 8.6, indicating high severity. Organizations utilizing affected versions of WhoDB are strongly advised to upgrade to version 0.45.0, which addresses this vulnerability. Currently, there are no known workarounds available to mitigate this issue.

Given the potential for attackers to exploit this vulnerability, organizations should prioritize patching immediately.

Vulnerability Details

The official description of CVE-2025-24787 states that the vulnerability in WhoDB allows for parameter injection in database connection strings. The CVSS score of 8.6 reflects high severity due to the potential for attackers to gain unauthorized access to sensitive local files.

The affected product is WhoDB, developed by Clidey. The vulnerability is classified under CWE-943, indicating improper neutralization of special elements used in an SQL command ('SQL Injection').

Technical Analysis

The root cause of this vulnerability stems from the unsafe concatenation of strings to generate database connection URIs. The attack vector is network-based, with a low attack complexity and no privileges required for exploitation. User interaction is not necessary, making this vulnerability particularly dangerous.

The confidentiality impact is high, as attackers may gain access to sensitive local files. However, there is no integrity or availability impact associated with this vulnerability. Given these factors, organizations must assess their exposure and take immediate action.

Risk & Impact Analysis

Organizations using WhoDB are at significant risk due to this vulnerability, which could allow unauthorized access to sensitive data. The potential blast radius includes any files accessible from the host machine, amplifying the urgency for remediation. The vulnerability's high CVSS score and the absence of workarounds necessitate immediate patching.

Given the high-risk profile, organizations should address this vulnerability in their priority patch cycle.

Exploitation Status

Affected Versions

The affected versions of WhoDB are all versions prior to 0.45.0. Users are advised to upgrade to this version to mitigate the vulnerability.

Mitigation & Remediation

To remediate this vulnerability, organizations must upgrade to WhoDB version 0.45.0 or later. There are no known workarounds for this issue. It is essential that organizations implement this patch to ensure their environment is secure.

Additionally, organizations should consider engaging in penetration testing to assess their security posture against similar vulnerabilities.

Detection Guidance

Organizations should monitor logs for any unauthorized access attempts or unusual file access patterns. Behavioral anomalies related to database connection URIs should also be scrutinized for signs of this vulnerability being exploited.

AppSecure Threat Intelligence Insight

CVE-2025-24787 highlights a critical issue in parameter handling within database management systems. This vulnerability underscores the importance of secure coding practices, particularly in the context of user input validation and encoding. Organizations are reminded of the ongoing risk posed by such vulnerabilities and the necessity for regular security assessments.

Security teams should leverage insights from this incident to develop stricter input validation frameworks and conduct thorough security training for developers. Continuous monitoring and regular penetration testing can help identify similar weaknesses before they can be exploited.

For further information about improving security measures, organizations can refer to the following resources: penetration testing methodology, vulnerability management program, and web application penetration testing best practices.