CVE-2025-25992 is a SQL Injection vulnerability found in FeMiner wms version 1.0. This vulnerability allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component. With a CVSS score of 5.1, this vulnerability is classified as medium severity.
The significance of this vulnerability lies in its potential to expose sensitive data, which could lead to unauthorized access and information leakage. Organizations using FeMiner wms must be aware of the risks associated with this vulnerability and take prompt action to address it.
Currently, there is no known public exploit or proof-of-concept for this vulnerability, but the risk to organizations still includes potential data exposure. Organizations should therefore prioritize patching.
As the vulnerability was published on February 14, 2025, and last modified on May 2, 2025, it is crucial for security teams to stay vigilant and ensure that their systems are updated to mitigate the risks associated with this vulnerability.
Vulnerability Details
The vulnerability is classified under CWE-89, which corresponds to SQL Injection. The affected product is FeMiner wms, specifically version 1.0. The CVSS score of 5.1 indicates that the attack vector is local, the attack complexity is low, and no privileges are required for exploitation.
Technical Analysis
The root cause of this vulnerability is a failure to properly sanitize user inputs in the inquire_inout_item.php component, which allows for SQL injection attacks. The attack vector is local, meaning that an attacker must have access to the local network to exploit this vulnerability.
Attack complexity is rated as low, as attackers do not need special conditions to exploit the vulnerability. Additionally, no user interaction is required, which raises the practical risk.
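The following is an added illustration, not code from FeMiner wms: the actual source of inquire_inout_item.php is not reproduced here, and the table, column names and the item_id request parameter are assumptions. It shows, in a Python analogue, the defect the advisory describes (request input concatenated into SQL text) next to the parameterized form that closes it, plus an input-type check as defense in depth.

```python
"""Added example (not FeMiner wms code): a string-built item lookup beside
its parameterized fix. Schema, columns and the item_id parameter are assumed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory inventory table standing in for a WMS database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inout_item (id INTEGER, item_name TEXT, qty INTEGER)")
    conn.executemany(
        "INSERT INTO inout_item VALUES (?, ?, ?)",
        [(1, "bolt M6", 120), (2, "washer", 400), (3, "bearing", 15)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, item_id: str) -> list:
    # Defect (CWE-89): the request value becomes part of the statement text,
    # so quotes and operators in it change the query's meaning.
    sql = f"SELECT id, item_name, qty FROM inout_item WHERE id = '{item_id}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, item_id: str) -> list:
    # Fix: the value is bound as a parameter; the statement text is constant,
    # so a hostile value can only ever be compared against the id column.
    sql = "SELECT id, item_name, qty FROM inout_item WHERE id = ?"
    return conn.execute(sql, (item_id,)).fetchall()


def validate_item_id(raw: str) -> int:
    # Defense in depth: an item id is a positive integer; reject anything else
    # at the edge of the application before it reaches the database layer.
    if not raw.isdigit():
        raise ValueError("item_id must be a positive integer")
    return int(raw)


if __name__ == "__main__":
    db = make_db()
    hostile = "2' OR '1'='1"  # constructed tautology input for the demo
    print("vulnerable, hostile input:", lookup_vulnerable(db, hostile))  # every row
    print("hardened, hostile input:  ", lookup_hardened(db, hostile))    # no rows
    print("hardened, valid input:    ", lookup_hardened(db, "2"))
```

The hardened lookup returns only the matching row for a valid id and nothing for the tautology input; the vulnerable one returns the whole table, which is exactly the information-disclosure outcome the advisory describes. A patch for the real component should apply the same two changes: prepared statements for every query that touches request data, and type validation of ids before the query is built.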
Risk & Impact Analysis
The real-world risk of this vulnerability is significant, as SQL injection can lead to unauthorized access to sensitive data. Organizations using FeMiner wms should evaluate the potential blast radius of this vulnerability and take immediate action to mitigate it.
Given the CVSS score of 5.1, this vulnerability poses a medium urgency for organizations. They should address it in their priority patch cycle, ensuring that all affected systems are updated to prevent exploitation.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected version of the FeMiner wms is 1.0. Organizations should ensure that they are running the latest version to mitigate this vulnerability.
Mitigation & Remediation
Organizations should apply patches or updates provided by the vendor for FeMiner wms to remediate this vulnerability. If a patch is not available, organizations should consider deploying a web application firewall to block requests that carry SQL-injection payloads. Additionally, regular security assessments and penetration testing can help identify weaknesses in the application.
For more information on best practices for web application security, refer to our application security assessment services.
Detection Guidance
To detect potential exploitation of this vulnerability, organizations should monitor web-server and database logs for unusual SQL queries and for requests to the inquire_inout_item.php component with anomalous parameter values. Additionally, look for behavioral anomalies in web application interactions that could indicate attempts to exploit the SQL injection vulnerability.
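As an added example of the log monitoring described above (not part of the original advisory, and not a detection the vendor ships), the script below parses web-server access log lines, scopes itself to requests for inquire_inout_item.php, URL-decodes each query parameter and reports values that carry SQL-injection indicators. The log lines, client addresses and parameter names (item_id, item_name) are constructed for the demo; the combined log format is assumed.

```python
"""Added detection example, not part of the original advisory.
Scans access-log lines for requests to inquire_inout_item.php whose decoded
query-string values carry SQL-injection indicators. Lines are constructed."""
import re
from urllib.parse import parse_qsl, urlsplit

# Common/combined log format: ip ident user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Ordered (label, pattern) pairs; the labels are what an analyst sees in a hit.
SQLI_INDICATORS = [
    ("quote", re.compile(r"['\"]")),
    ("sql-comment", re.compile(r"(--|/\*|#)")),
    ("boolean-tautology", re.compile(r"\b(or|and)\b\s*\S+\s*=\s*\S+", re.I)),
    ("sql-keyword", re.compile(r"\b(union|select|sleep|benchmark|information_schema)\b", re.I)),
]

# Constructed sample lines: a benign lookup, two suspicious ones, a legitimate
# apostrophe in a name that must not be reported, and a hit on another endpoint.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Feb/2025:10:01:02 +0000] "GET /inquire_inout_item.php?item_id=17 HTTP/1.1" 200 512',
    '198.51.100.9 - - [14/Feb/2025:10:05:44 +0000] "GET /inquire_inout_item.php?item_id=17%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9137',
    '198.51.100.9 - - [14/Feb/2025:10:05:51 +0000] "GET /inquire_inout_item.php?item_id=17%27-- HTTP/1.1" 500 221',
    '203.0.113.7 - - [14/Feb/2025:10:07:13 +0000] "GET /inquire_inout_item.php?item_name=O%27Brien HTTP/1.1" 200 498',
    '203.0.113.7 - - [14/Feb/2025:10:08:00 +0000] "GET /search.php?q=1%27%20OR%201%3D1 HTTP/1.1" 200 300',
]


def parse_line(line: str):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def indicators_for(value: str) -> list:
    """Labels of every SQL-injection indicator present in a decoded parameter value."""
    return [label for label, pat in SQLI_INDICATORS if pat.search(value)]


def is_suspicious(labels: list) -> bool:
    """A lone quote is common in legitimate data (names, units); require more."""
    return bool(labels) and labels != ["quote"]


def scan(lines, component: str = "inquire_inout_item.php") -> list:
    """Report requests to `component` whose decoded query values look like SQL injection."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec["target"])
        if not parts.path.endswith("/" + component):
            continue
        # parse_qsl percent-decodes values, so encoded quotes and spaces are visible.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            labels = indicators_for(value)
            if is_suspicious(labels):
                hits.append({
                    "ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                    "param": name, "value": value, "indicators": labels,
                })
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["param"]}={h["value"]!r} -> {h["indicators"]} (HTTP {h["status"]})')
```

Run against the sample, it reports the two requests from 198.51.100.9 and ignores the O'Brien lookup; the same address producing a 500 right after an oversized 200 response is the kind of sequence worth correlating with database query logs. Pass a different `component` to cover other endpoints, and treat the indicator list as a starting point to tune against your own traffic rather than a complete signature set.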
AppSecure Threat Intelligence Insight
The SQL injection vulnerability in FeMiner wms represents a common attack vector that organizations face. This incident highlights the necessity for regular security assessments and adherence to secure coding practices to prevent such vulnerabilities.
Security teams should focus on implementing robust validation mechanisms for user inputs to thwart injection attacks effectively. For comprehensive guidance on penetration testing, see our penetration testing services.
Additionally, the trend of SQL injection attacks emphasizes the need for organizations to remain vigilant and proactive in their security strategies, regularly updating their defenses against emerging threats.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.