CVE-2025-8123

high

Published 2025-07-24 · Modified 2026-04-29

CVSS v3

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

6.5

VIR risk

8.8

Description

A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://gitee.com/deerwms/deer-wms-2/issues/ICLRFL

Application impact

Vendor	Product	Versions	Fixed
deerwms	deer-wms-2	`{"endIncluding":"3.3"}`

References

https://gitee.com/deerwms/deer-wms-2/issues/ICLRFL
https://vuldb.com/?ctiid.317508
https://vuldb.com/?id.317508
https://vuldb.com/?submit.619691
https://gitee.com/deerwms/deer-wms-2/issues/ICLRFL

CWEs

CWE-74 CWE-89

Verify integrity in audit chain (admin only). AS-IS.