CVE-2018-25257

High
CWE-89 — Weakness Type
Published: Apr 12, 2026  ·  Modified: Apr 19, 2026  ·  Source: NVD
CVSS v3: 7.1
🔗 NVD Official
📄 Description (English)

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.

🤖 AI Executive Summary

CVE-2018-25257 is a high-severity SQL injection vulnerability in Adianti Framework versions 5.5.0 and 5.6.0 that allows authenticated users to inject malicious SQL code through the SystemProfileForm name field. Attackers can exploit this to modify database queries, escalate privileges, and gain administrative access. The vulnerability poses significant risk to Saudi organizations using this framework for critical business applications, particularly in government and financial sectors where user profile management is essential.

🤖 AI Intelligence Analysis Analyzed: May 9, 2026 08:37
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in Government (NCA, MOCI), Banking (SAMA-regulated institutions), and Healthcare sectors that utilize Adianti Framework for internal management systems. The SQL injection vulnerability allows authenticated insiders or compromised accounts to escalate privileges to administrative level, potentially leading to unauthorized access to sensitive citizen data, financial records, and critical infrastructure information. Organizations running legacy Adianti Framework versions 5.5.0-5.6.0 face elevated risk of data breach and compliance violations under NCA ECC 2024 and SAMA CSF frameworks.
🏢 Affected Saudi Sectors
Government Banking Healthcare Telecommunications Energy Education Insurance
⚖️ Saudi Risk Score (AI): 7.8 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all systems running Adianti Framework versions 5.5.0 and 5.6.0 across your infrastructure
2. Restrict access to SystemProfileForm endpoints to essential administrative users only
3. Implement database activity monitoring (DAM) to detect anomalous SQL queries
4. Review audit logs for suspicious profile modification activities

PATCHING GUIDANCE:
1. Upgrade to Adianti Framework version 5.7.0 or later immediately
2. If an upgrade is not immediately possible, apply the vendor's input validation patches
3. Test patches in non-production environment before deployment

COMPENSATING CONTROLS (if patching delayed):
1. Implement Web Application Firewall (WAF) rules to block SQL injection patterns in profile edit requests
2. Apply strict input validation on the name field: whitelist alphanumeric characters and common name formats only
3. Use parameterized queries/prepared statements for all database interactions
4. Enforce principle of least privilege for database accounts
5. Enable SQL query logging and alerting for suspicious patterns

DETECTION RULES:
1. Monitor for SQL keywords (UNION, SELECT, DROP, INSERT, UPDATE) in SystemProfileForm name field submissions
2. Alert on profile modification requests containing special characters: ', ", --, ;, /*
3. Track failed authentication attempts followed by successful administrative access
4. Monitor for unusual database query patterns from application service accounts
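The allow-list validation from the compensating controls and the detection rule for the name field, worked through as an added example (not code from Adianti Framework or from this advisory). The audit-log format, the field names and the sample lines are constructed assumptions; the keyword and metacharacter lists are the ones given above.

```python
import re
from urllib.parse import unquote_plus

# Rule inputs taken from the detection guidance above.
SQL_KEYWORDS = ("UNION", "SELECT", "DROP", "INSERT", "UPDATE")
SQL_METACHARS = ("'", '"', "--", ";", "/*")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Allow-list for the name field (assumption: letters/digits in any script,
# spaces, hyphens, periods, 1-80 characters). Apostrophes are excluded because
# the detection rule flags them; names like O'Brien need an explicit policy call.
NAME_RE = re.compile(r"^\w[\w .\-]{0,79}$")

# Constructed application audit-log format (assumption, not Adianti's own):
# timestamp, then key=value pairs with the submitted field URL-encoded.
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) form=(?P<form>\S+) name=(?P<name>\S*)$")

def is_valid_name(name: str) -> bool:
    """True when the decoded name value passes the allow-list."""
    return NAME_RE.fullmatch(name) is not None

def suspicious_markers(name: str) -> list:
    """SQL keywords (whole-word, case-insensitive) and metacharacters found in the value."""
    found = [kw.upper() for kw in KEYWORD_RE.findall(name)]
    return found + [m for m in SQL_METACHARS if m in name]

def parse_line(line: str):
    """Parse one audit-log line into a dict with the name field URL-decoded, or None."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["name"] = unquote_plus(rec["name"])
    return rec

def scan(lines) -> list:
    """Alert on SystemProfileForm submissions whose name fails the allow-list
    or carries SQL markers; submissions to other forms are ignored here."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["form"] != "SystemProfileForm":
            continue
        markers = suspicious_markers(rec["name"])
        if markers or not is_valid_name(rec["name"]):
            alerts.append({"user": rec["user"], "name": rec["name"], "markers": markers})
    return alerts

SAMPLE_LOG = [  # constructed sample lines
    "2026-04-13T10:22:01Z user=alice form=SystemProfileForm name=Alice+Al-Rashid",
    "2026-04-13T10:22:09Z user=selena form=SystemProfileForm name=Selena+Updike",
    "2026-04-13T10:23:44Z user=bob form=SystemProfileForm name=Bob%27+--+x",
    "2026-04-13T10:24:02Z user=carol form=SystemProfileForm name=x%3B+UPDATE+y",
    "2026-04-13T10:24:30Z user=dave form=LoginForm name=%27",
]
```

Running `scan(SAMPLE_LOG)` raises two alerts (bob and carol) while "Selena Updike" passes, showing why the keyword match has to be whole-word rather than a substring check.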
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies (access control to profile management)
A.6.1.2 - User Access Management (privilege escalation prevention)
A.6.2.1 - User Registration and De-registration (profile integrity)
A.7.1.1 - Cryptography (data protection from unauthorized modification)
A.8.2.3 - Handling of Assets (secure application development)
A.12.2.1 - Change Management (patch deployment procedures)
A.12.4.1 - Event Logging (detection of SQL injection attempts)
🔵 SAMA CSF
ID.AM-2 - Asset Management (inventory of Adianti Framework instances)
PR.AC-1 - Access Control Policy (restrict SystemProfileForm access)
PR.AC-4 - Access Rights (principle of least privilege)
PR.DS-2 - Data Security (input validation and parameterized queries)
DE.CM-1 - Detection Processes (SQL injection pattern detection)
RS.MI-2 - Incident Response (privilege escalation investigation)
🟡 ISO 27001:2022
A.5.1.1 - Information security policies and procedures
A.6.1.2 - User registration and access rights management
A.6.2.2 - User access provisioning and de-provisioning
A.8.1.1 - Secure development policy
A.8.2.3 - Secure development and change management
A.12.4.1 - Event logging and monitoring
A.14.2.1 - Secure development requirements
📊 CVSS Score: 7.1 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector (AV): N — Network
Attack Complexity (AC): L — Low
Privileges Required (PR): L — Low
User Interaction (UI): N — None
Scope (S): U — Unchanged
Confidentiality (C): H — High
Integrity (I): L — Low
Availability (A): N — None
📋 Quick Facts
Severity: High
CVSS Score: 7.1
CWE: CWE-89
EPSS: 0.03%
Exploit: No
Patch: ✗ No
Published: 2026-04-12
Source Feed: nvd
🇸🇦 Saudi Risk Score: 7.8 / 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-89