CVE-2018-25075

MEDIUM

karsany OBridge <1.3 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25075. PoCs published by epicosy.

AI-analyzed exploit summary This repository contains documentation and test code for OBridge, a Java source code generator for Oracle PL/SQL package procedures. It does not include exploit code for CVE-2018-25075.

Description

A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376.

Exploits (1)

nomisec WRITEUP

by epicosy · poc

https://github.com/epicosy/obridge

View Code ZIP pw:eip

This repository contains documentation and test code for OBridge, a Java source code generator for Oracle PL/SQL package procedures. It does not include exploit code for CVE-2018-25075.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: OBridge (Java source code generator for Oracle PL/SQL)

No auth needed

Prerequisites: Oracle database access · Java environment

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.218376

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.218376

Patch, Third Party Advisory patch

https://github.com/karsany/obridge/commit/52eca4ad05f3c292aed3178b2f58977686ffa376

View Patch ZIP pw:eip

Release Notes, Third Party Advisory patch

https://github.com/karsany/obridge/releases/tag/v1.4

Scores

CVSS v3 4.6

EPSS 0.0095

EPSS Percentile 56.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

obridge_project/obridge < 1.4

Published Jan 15, 2023

Tracked Since Feb 18, 2026