What is the CVSS score of CVE-2025-57529?

CVE-2025-57529 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Cpas Audit Management System are affected by CVE-2025-57529?

YouDataSum CPAS Audit Management System versions 4.9 and earlier contain a critical SQL injection vulnerability that allows unauthenticated attackers to remotely execute arbitrary database commands.

Is there a public PoC exploit available for CVE-2025-57529?

Yes, a public proof-of-concept exploit is available for CVE-2025-57529. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-57529?

Within 24 hours: Immediately isolate affected CPAS systems from production networks or disable the vulnerable /cpasList/findArchiveReportByDah endpoint if possible; notify all stakeholders and audit teams of potential exposure. Within 7 days: Implement emergency WAF rules to block malicious SQL injection patterns targeting this endpoint; conduct forensic analysis of database access logs to identify unauthorized queries or data exfiltration. Within 30 days: Contact YouDataSum for patch availability and timeline; if no patch emerges, evaluate alternative audit management solutions or implement permanent network-level access restrictions limiting endpoint exposure to authorized internal users only.

Cpas Audit Management System CVE-2025-57529

CRITICAL

SQL Injection (CWE-89)

2026-02-03 cve@mitre.org

SQLi Cpas Audit Management System

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 20:41 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 18:16 nvd

CRITICAL 9.8

DescriptionCVE.org

YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access

AnalysisAI

YouDataSum CPAS Audit Management System v4.9 has a SQL injection in the archive report endpoint allowing extraction of audit and compliance data.

Technical ContextAI

The /cpasList/findArchiveReportByDah endpoint in CPAS Audit Management System <= v4.9 has a CWE-89 SQL injection through unsanitized parameters.

RemediationAI

Update the system. Parameterize SQL queries.

CVE-2025-57529 vulnerability details – vuln.today

Back

Cpas Audit Management System CVE-2025-57529

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code