CVE-2025-1535

HIGH

Baiyi Cloud Asset Management System <8.142.100.161 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-1535. PoCs published by iSee857.

AI-analyzed exploit summary: The repository contains functional exploit code for CVE-2025-1535, specifically a SQL injection vulnerability in BaiYiYun. The PoC demonstrates the vulnerability by sending a crafted payload to a vulnerable endpoint and checking for a specific response pattern.

Description

A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticket_id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

GitHub · WORKING POC · 40 stars
by iSee857 · python · poc
https://github.com/iSee857/CVE-PoC/tree/main/BaiYiYun_CVE-2025-1535_SQL_Injection.py


Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BaiYiYun
No auth needed
Prerequisites: Network access to the target system · Vulnerable endpoint exposed
devstral-2 · analyzed Feb 27, 2026

References (4)

Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.296475
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.296475
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.496969

Scores

CVSS v3 7.3
EPSS 0.0040
EPSS Percentile 32.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
Baiyi/Cloud Asset Management System 8.142.100.161
Published Feb 21, 2025
Tracked Since Feb 18, 2026