Deer WMS 2
CVE-2025-8125
Severity: LOW (primary rating from NVD, the only source for this CVE)
CVSS vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/role/authUser/allocatedList. The manipulation of the argument params[dataScope] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
SQL injection in Deer WMS 2 up to version 3.3 allows an authenticated remote attacker to manipulate the params[dataScope] parameter of the /system/role/authUser/allocatedList endpoint, leading to limited information disclosure (the NVD vector rates confidentiality, integrity and availability impact all as low). Exploitation requires valid user credentials, and NVD assigns a low CVSS base score of 2.1 even though the CVE description rates the issue as critical. Exploit code has been disclosed publicly via the Gitee issue tracker, but the EPSS exploitation probability is extremely low at 0.07%, so widespread exploitation is unlikely despite the public POC.
Technical Context (AI)
Deer WMS 2 is a warehouse management system written in Java. The vulnerability stems from improper input validation in the /system/role/authUser/allocatedList endpoint, where the user-supplied dataScope value is placed directly into a SQL query rather than being sanitized or bound as a parameter. It is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), the parent weakness that covers SQL injection. The affected endpoint handles role-based access control and user allocation, which suggests the vulnerable code path builds database queries while evaluating the caller's authorization scope.
Remediation (AI)
Upgrade Deer WMS 2 to a patched version released after 3.3. The exact patched version number was not confirmed in available vendor documentation, so contact Deerwms support or check the official Gitee repository for the latest stable release. As an immediate compensating control, restrict access to the /system/role/authUser/allocatedList endpoint with application firewall or reverse proxy rules so that only trusted administrative accounts can reach it. Validate the dataScope parameter against a strict allowlist of known valid scope values, and make sure the query that consumes it is parameterized, with the value bound as data by a prepared statement rather than concatenated into the SQL text. Monitor access logs for dataScope values containing SQL metacharacters (quotes, semicolons, comment markers), and grant the application's database account no privileges beyond SELECT on the affected table. These controls reduce the risk while the code remains unpatched, but the vendor patch is the authoritative fix.
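As an added example of the last two controls above (this is not Deer WMS 2 code; the accepted scope values, the log format and the sample log lines are all constructed assumptions), the following Python enforces an exact-match allowlist on dataScope and scans access-log lines for requests to the affected endpoint whose params[dataScope] value carries SQL metacharacters or falls outside the allowlist:

```python
"""Allowlist validation and access-log monitoring for the dataScope parameter.

Added example, not Deer WMS 2 code. Assumptions: the accepted dataScope values,
the nginx-style log format and the sample log lines are all constructed.
"""
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/system/role/authUser/allocatedList"  # endpoint named in the CVE description
PARAM = "params[dataScope]"                        # argument named in the CVE description

# Assumption: a small set of opaque scope identifiers; adjust to the real deployment.
ALLOWED_DATA_SCOPES = frozenset({"1", "2", "3", "4", "5"})

# SQL metacharacters the remediation text mentions: quotes, semicolons, comment markers.
SQL_META = re.compile(r"['\";]|--|/\*|\*/|#")

# Common log format: client ident user [timestamp] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def validate_data_scope(value: str) -> bool:
    """Exact-match allowlist check: anything not explicitly permitted is rejected,
    whether or not it contains metacharacters."""
    return value in ALLOWED_DATA_SCOPES


def data_scope_values(target: str) -> list:
    """Return every params[dataScope] value in a request target for ENDPOINT, else []."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    # parse_qs percent-decodes both keys and values, so params%5BdataScope%5D matches PARAM.
    return parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])


def scan_access_log(lines) -> list:
    """Return one finding per suspicious dataScope value: (line_no, client, value, reason)."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        for value in data_scope_values(m.group("target")):
            if SQL_META.search(value):
                findings.append((n, m.group("client"), value, "sql-metacharacter"))
            elif not validate_data_scope(value):
                findings.append((n, m.group("client"), value, "not-in-allowlist"))
    return findings


# Constructed sample lines; the third carries a quote, a semicolon and a comment marker,
# the fourth a syntactically clean value that is simply not an allowed scope.
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Aug/2025:10:00:01 +0000] "GET /system/role/authUser/allocatedList?roleId=2&params%5BdataScope%5D=1 HTTP/1.1" 200 512',
    '10.0.0.5 - admin [01/Aug/2025:10:00:02 +0000] "GET /system/user/list?pageNum=1 HTTP/1.1" 200 2048',
    '10.0.0.9 - user1 [01/Aug/2025:10:00:07 +0000] "GET /system/role/authUser/allocatedList?roleId=2&params%5BdataScope%5D=1%27%3B-- HTTP/1.1" 200 812',
    '10.0.0.9 - user1 [01/Aug/2025:10:00:09 +0000] "GET /system/role/authUser/allocatedList?roleId=2&params%5BdataScope%5D=99 HTTP/1.1" 200 400',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print("line %d client %s value %r: %s" % finding)
```

The allowlist check is the actual defence; the metacharacter regex is only a detection aid for log review. Because the scanner applies the allowlist to every value that passes the regex, an unusual or encoded value that the regex misses is still reported as not-in-allowlist rather than silently ignored.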