CVE-2025-34059

HIGH EXPLOITED

Dahua Smart Cloud Gateway Registration Management Platform - SQL In...

Exploitation Summary

CVE-2025-34059 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements and potentially disclose sensitive information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Scores

CVSS v4 8.7
EPSS 0.0043
EPSS Percentile 33.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2025-07-01
CWE
CWE-200 CWE-89
Status published
Products (1)
Zhejiang Dahua Technology Co., Ltd./Smart Cloud Gateway Registration Management Platform
Published Jul 01, 2025
Tracked Since Feb 18, 2026