CVE-2025-25763

CRITICAL

crmeb CRMEB-KY < 5.4.0 - SQL Injection via getRead() in SystemDatabackupServices.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-25763. PoCs published by Oyst3r1ng.

AI-analyzed exploit summary The repository originally contained exploit details and PoC for CVE-2025-25763 but has been fully removed per vendor request. Only a README remains, stating compliance with legal/ethical guidelines.

Description

crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php

Exploits (1)

nomisec STUB

by Oyst3r1ng · poc

https://github.com/Oyst3r1ng/CVE-2025-25763

View Code ZIP pw:eip

The repository originally contained exploit details and PoC for CVE-2025-25763 but has been fully removed per vendor request. Only a README remains, stating compliance with legal/ethical guidelines.

Classification

Stub 100%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Broken Link

https://github.com/J-0k3r/CVE-2025-25763

Broken Link

https://github.com/J-0k3r/sql/blob/main/sql.pdf

Scores

CVSS v3 9.8

EPSS 0.0082

EPSS Percentile 52.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

crmeb/crmeb 5.4.0

Published Mar 06, 2025

Tracked Since Feb 18, 2026