CVE-2025-34038

EUVD-2025-19038 HIGH
2025-06-24 [email protected]
CVSS 3.1: 7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

4 events
Analysis Generated: Mar 15, 2026 - 22:36 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 22:36 (euvd), EUVD-2025-19038
PoC Detected: Jan 27, 2026 - 21:15 (vuln.today), public exploit code
CVE Published: Jun 24, 2025 - 02:15 (nvd), HIGH 7.5

Description

A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Analysis

CVE-2025-34038 is an unauthenticated SQL injection vulnerability in Weaver E-cology 8.0's getdata.jsp endpoint that allows attackers to execute arbitrary SQL queries by injecting malicious code through the unsanitized 'sql' parameter in the getSelectAllIds() method. The vulnerability affects Weaver E-cology 8.0 and enables attackers to extract sensitive data including administrator password hashes without authentication. Active exploitation has been observed by Shadowserver Foundation as of 2025-02-05, indicating this is a real and present threat in the wild.

Technical Context

This vulnerability resides in the AjaxManager component of Weaver E-cology, specifically within the getdata.jsp endpoint accessible via the 'cmd=getSelectAllId' workflow parameter. The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), where user-supplied input from the 'sql' parameter is directly concatenated into dynamic SQL queries without parameterization, input validation, or prepared statement usage. The getSelectAllIds(sql, type) method fails to sanitize the sql parameter before passing it to the database query execution layer. Weaver E-cology is a Chinese collaborative office and document management platform widely deployed in enterprise environments. The vulnerability is reachable through HTTP GET/POST requests to the JSP endpoint, making it easily exploitable over standard web protocols without requiring authentication.

Affected Products

Weaver E-cology version 8.0 is confirmed affected. The vulnerability is specific to the getdata.jsp endpoint within the AjaxManager component. Based on vendor product lines, this likely affects CPE string pattern: cpe:2.3:a:weaver:e-cology:8.0:*:*:*:*:*:*:*. The Weaver E-cology product line is primarily deployed in Chinese enterprises and government organizations. Patch availability and vendor advisory details should be obtained from Weaver's official security bulletins; as of the vulnerability disclosure (2025-02-05), patched versions (if available) would typically be version 8.1 or later, though this requires confirmation from official Weaver security advisories. Organizations should cross-reference with Weaver's official vulnerability database for definitive patch versions.

Remediation

Immediate remediation steps:

(1) Apply the latest security patch from Weaver E-cology immediately; contact Weaver support for version 8.1+ or verified hotfixes.
(2) If patching is delayed, implement network-level controls by restricting access to getdata.jsp via Web Application Firewall (WAF) rules that block requests containing 'cmd=getSelectAllId' from untrusted networks.
(3) Implement input validation and parameterized queries (prepared statements) at the application layer if source code access is available.
(4) Deploy SQL injection detection signatures in intrusion detection systems (IDS) to monitor for malicious SQL patterns in the 'sql' parameter (keywords: UNION, SELECT, DROP, INSERT, etc.).
(5) Review database access logs and query logs for evidence of exploitation; look for unusual SELECT statements targeting user tables or credential stores.
(6) Rotate administrator credentials and review password hashes for compromise.
(7) Segment network to limit Weaver E-cology's exposure to trusted networks only.

Consult official Weaver security advisories at weaver.com.cn or through your vendor relationship for authoritative patch information and deployment guidance.
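
A log check supporting remediation steps (4) and (5), as an added example that is not from this advisory or from Weaver: it scans web access logs for requests that reach getdata.jsp with cmd=getSelectAllId and grades them by the SQL keywords the advisory lists. The combined log format, the /example/ path, the IP addresses and the table name are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined access-log prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
# Keywords named in remediation step (4) of the advisory.
SQL_KEYWORDS = re.compile(r"\b(union|select|drop|insert)\b", re.I)

def fully_decode(value, rounds=3):
    """Undo layered percent-encoding (bounded) so %2553 and %53 both yield S."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def inspect_line(line):
    """Return a finding for a request to the vulnerable workflow, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["uri"])
    # Match the file name only (deployment path varies); drop ;jsessionid params.
    path = fully_decode(parts.path).split(";")[0].lower()
    if not path.endswith("/getdata.jsp"):
        return None
    params = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if "getselectallid" not in [fully_decode(v).lower() for v in params.get("cmd", [])]:
        return None
    sql_values = [fully_decode(v) for v in params.get("sql", [])]
    # No keyword seen still needs review: POST bodies never appear in access logs.
    severity = "high" if any(SQL_KEYWORDS.search(v) for v in sql_values) else "review"
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]), "severity": severity}

def scan(lines):
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines: documentation IPs, placeholder path and table name.
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Feb/2025:10:00:01 +0000] "GET /example/getdata.jsp?cmd=getSelectAllId&sql=select%20id%20from%20example_table HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Feb/2025:10:00:05 +0000] "GET /example/getdata.jsp?CMD=getselectallid&sql=%2553ELECT%25201 HTTP/1.1" 200 87',
    '203.0.113.9 - - [05/Feb/2025:10:01:00 +0000] "POST /example/getdata.jsp?cmd=getSelectAllId HTTP/1.1" 200 90',
    '192.0.2.10 - - [05/Feb/2025:10:02:00 +0000] "GET /example/index.jsp?cmd=getSelectAllId HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the workflow is reachable without authentication, any hit from outside trusted networks warrants the database-log review in step (5), whatever its grade.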

Priority Score

61
KEV: 0
EPSS: +3.9
CVSS: +38
POC: +20
