CVE-2025-57529

CRITICAL

YouDataSum CPAS Audit Management System < 4.9 - SQL Injection

Description

YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access.

Exploits (1)

nomisec WORKING POC
by songqb-xx · poc
https://github.com/songqb-xx/CVE-2025-57529

Scores

CVSS v3 9.8
EPSS 0.0019
EPSS Percentile 41.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
youdatasum/cpas_audit_management_system < 4.9
Published Feb 03, 2026
Tracked Since Feb 18, 2026