Vulnerability detail
Enriched intelligence for a single CVE
Medium
CVE-2025-0944
PUBLISHED
itsourcecode Tailoring Management System customerview.php sql injection
- Vendor: itsourcecode
- Product: Tailoring Management System
- Published: Feb 01, 2025
- EPSS: —
Description
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was identified in itsourcecode Tailoring Management System 1.0. It was classified as critical. It concerns a not precisely identified function of the file customerview.php. By manipulating the argument id with unknown data, a SQL injection vulnerability can be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS scores
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitation status
Exploited in the wild
Recorded 2025-06-23 11:41:47 UTC · Source
SSVC decision points
- Exploitation: poc
- Automatable: No
- Technical impact: partial
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| The Shadowserver (via CIRCL) | Jun 23, 2025 |
Recent mentions
TheHackerNews · May 22, 2025
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access," Cisco Talos researchers
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel