RainyGao DocSys CVE-2025-11629
Severity by source: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI)
SQL injection in RainyGao DocSys up to version 2.02.36 allows authenticated remote attackers to execute arbitrary SQL queries via the getUserList function in /Manage/getUserList.do, enabling unauthorized data access with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, and the vendor did not respond to early disclosure notification.
Technical Context (AI)
RainyGao DocSys is a document management system. The vulnerability exists in the getUserList endpoint (/Manage/getUserList.do), which fails to properly sanitize user-supplied input before constructing SQL queries (CWE-74: Improper Neutralization of Special Elements used in an Output Command). The affected CPE (cpe:2.3:a:docsys_project:docsys:*) indicates the vulnerable code path applies across versions up to 2.02.36. The SQL injection occurs at the query parameter level, allowing attackers with valid credentials to manipulate SQL logic and retrieve unauthorized records from the database.
Remediation (AI)
Upgrade to RainyGao DocSys version 2.02.37 or later once released by the vendor. As of this analysis, no patched version has been publicly confirmed; contact RainyGao directly for patch availability and timelines. Immediate compensating controls:
(1) Restrict network access to the /Manage/getUserList.do endpoint to trusted internal networks only using WAF or IP whitelisting; this reduces attack surface by blocking remote exploitation while maintaining internal functionality.
(2) Implement database query logging and alerting for SQL syntax anomalies (e.g., UNION, SELECT, OR 1=1) to detect exploitation attempts in real time.
(3) Apply the principle of least privilege to DocSys database accounts: use a dedicated read-only user for getUserList queries rather than administrative credentials, limiting data exfiltration scope.
(4) Enable multi-factor authentication for DocSys administrator accounts to reduce credential compromise risk.
Side effects: network restrictions may inconvenience remote workers; query logging adds performance overhead on high-volume deployments.
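The alerting idea in control (2), applied at the web tier as an added example (not code from DocSys or from this advisory): it scans access-log lines for requests to /Manage/getUserList.do whose parameter values contain SQL syntax, including double-encoded values. Assumptions: combined log format, parameters carried in the logged query string, and hypothetical parameter names and context path in the constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

ENDPOINT = "/Manage/getUserList.do"  # path named in the advisory

# Heuristic indicators of SQL syntax inside a parameter value (not exhaustive).
SQL_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S)),
    ("tautology", re.compile(r"\b(?:or|and)\b\s+'?(\w+)'?\s*=\s*'?\1\b", re.I)),
    ("comment", re.compile(r"--(?:\s|$)|/\*")),
    ("stacked-query", re.compile(r";\s*(?:select|insert|update|delete|drop)\b", re.I)),
]

# Common/combined log format: client ... "METHOD target HTTP/x" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def scan_line(line):
    """Return an alert dict for a suspicious getUserList.do request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    if not url.path.endswith(ENDPOINT):  # tolerate any servlet context prefix
        return None
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = unquote_plus(value)  # second pass catches double encoding
        for label, pattern in SQL_PATTERNS:
            if pattern.search(value) or pattern.search(decoded):
                hits.add(f"{name}:{label}")
    if not hits:
        return None
    return {"client": client, "status": int(status), "hits": sorted(hits)}


def scan(lines):
    """Scan an iterable of log lines and return the list of alerts."""
    return [alert for alert in map(scan_line, lines) if alert]


# Constructed sample lines; parameter names and the /DocSystem prefix are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /DocSystem/Manage/getUserList.do?userName=alice&pageIndex=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /DocSystem/Manage/getUserList.do?userName=a%27%20OR%201%3D1--%20 HTTP/1.1" 200 9841',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /DocSystem/Manage/getUserList.do?userName=x%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 500 77',
    '10.0.0.9 - - [01/Jan/2025:10:01:00 +0000] "GET /DocSystem/index.html?q=union+select HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Parameters sent in a POST body do not appear in access logs; for those, the same patterns have to run over request-body or database query logs.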