What is the CVSS score of CVE-2025-70821?

CVE-2025-70821 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Java are affected by CVE-2025-70821?

A critical SQL injection vulnerability (CVE-2025-70821) affects renren-security versions before v5.5.0, allowing attackers to execute arbitrary database commands with a 9.8 CVSS score.

Is there a public PoC exploit available for CVE-2025-70821?

Yes, a public proof-of-concept exploit is available for CVE-2025-70821. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-70821?

Within 24 hours: Identify all systems running renren-security versions before v5.5.0 and isolate them or restrict network access if possible; enable enhanced database query logging and monitoring. Within 7 days: Apply WAF rules to block SQL injection patterns targeting BaseServiceImpl.java endpoints; implement database activity monitoring and access controls. Within 30 days: Upgrade to renren-security v5.5.0 or later once patch is available; conduct forensic analysis for signs of exploitation; review database access logs for unauthorized activity.