Deer WMS 2 CVE-2025-8126

LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2025-07-25 cna@vuldb.com
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector · NVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

1. Analysis Generated: Apr 29, 2026 - 01:47 (vuln.today)

Description · CVE.org

A vulnerability classified as critical has been found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/user/export. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis · AI

SQL injection in Deer WMS 2 up to version 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the dataScope parameter in the /system/user/export endpoint, potentially compromising data confidentiality. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited scope, but publicly available exploit code exists and the attack surface is network-accessible.

Technical Context · AI

The vulnerability exists in the user export functionality of Deer WMS 2, specifically in the /system/user/export file handler. The dataScope parameter within the params array is not properly sanitized before being used in SQL query construction, enabling SQL injection attacks. This represents a classic CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) vulnerability where user input flows directly into SQL commands without parameterized query protection or input validation. The affected component handles user data export operations, a critical administrative function that typically processes sensitive personnel or system information.

Remediation · AI

Upgrade Deer WMS 2 to version 3.4 or later once released by the vendor, verifying the fix through the official Gitee repository at https://gitee.com/deerwms/deer-wms-2. As an interim compensating control, restrict network access to the /system/user/export endpoint to trusted internal networks only, using a reverse proxy or a WAF rule that blocks requests with suspicious SQL keywords in the params[dataScope] parameter (e.g., UNION, SELECT, OR, --). Additionally, enforce strong authentication, including multi-factor authentication for administrative accounts, and apply the principle of least privilege so that the user export functionality is available only to the roles that require it. Monitor access logs for repeated 401/403 errors or unusual parameter patterns on the /system/user/export endpoint. Note that WAF rules may block legitimate exports containing certain characters, so test them before production deployment. These compensating controls should be considered temporary; vendor patching remains the definitive fix.
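The log monitoring described above, as an added example (not code from vuln.today or the Deer WMS project): it flags requests to /system/user/export whose decoded params[dataScope] value contains the keywords named in the remediation text, and lists clients with repeated 401/403 responses on that endpoint. It assumes a combined-style access log in which the parameter appears in the query string; the log lines, the `scan` helper and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/system/user/export"
PARAM = "params[dataScope]"
# Keywords named in the remediation text, plus the SQL comment marker "--".
SUSPICIOUS = re.compile(r"\b(union|select|or)\b|--", re.IGNORECASE)
# Assumed log layout: client address first, quoted request line, then status.
LINE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def scan(lines, deny_threshold=3):
    """Return (param_hits, noisy_clients) for requests to the export endpoint."""
    hits, denied = [], Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue
        if m["status"] in ("401", "403"):
            denied[m["ip"]] += 1
        # parse_qs percent-decodes names and values, so encoded input is
        # compared in its decoded form.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get(PARAM, []):
            if SUSPICIOUS.search(value):
                hits.append((m["ip"], m["status"], value))
    noisy = sorted(ip for ip, n in denied.items() if n >= deny_threshold)
    return hits, noisy

# Constructed sample lines (documentation address ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - alice [25/Jul/2025:10:00:01 +0000] "POST /system/user/export?params%5BdataScope%5D= HTTP/1.1" 200 5120',
    '198.51.100.7 - bob [25/Jul/2025:10:02:11 +0000] "POST /system/user/export?params%5BdataScope%5D=x%20OR%20y HTTP/1.1" 200 88231',
    '198.51.100.7 - bob [25/Jul/2025:10:02:40 +0000] "POST /system/user/export?params%5BdataScope%5D=x-- HTTP/1.1" 500 312',
    '203.0.113.5 - - [25/Jul/2025:10:05:00 +0000] "POST /system/user/export HTTP/1.1" 403 120',
    '203.0.113.5 - - [25/Jul/2025:10:05:01 +0000] "POST /system/user/export HTTP/1.1" 403 120',
    '203.0.113.5 - - [25/Jul/2025:10:05:02 +0000] "POST /system/user/export HTTP/1.1" 401 120',
    '192.0.2.10 - alice [25/Jul/2025:10:06:00 +0000] "GET /system/user/list?q=select HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG)[0]:
        print("suspicious dataScope:", hit)
    print("repeated 401/403:", scan(SAMPLE_LOG)[1])
```

Keyword matching of this kind also fires on legitimate values containing words such as "or", so treat hits as leads for review rather than confirmed injection attempts.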
