Deer WMS 2
CVE-2025-8161
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. Affected by this vulnerability is an unknown functionality of the file /system/role/export. The manipulation of the argument params[dataScope] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
SQL injection in Deer WMS 2 versions up to 3.3 allows authenticated remote attackers to execute arbitrary SQL queries via the params[dataScope] parameter in the /system/role/export endpoint, leading to limited information disclosure. The vulnerability carries a CVSS score of 2.1 despite being classified critical in the original report, reflecting the CVSS v4.0 assessment of low confidentiality, integrity, and availability impact combined with required authentication. Publicly available exploit code exists, but real-world exploitation risk remains minimal due to the low EPSS score (0.07%, 22nd percentile) and authentication requirement.
Technical Context (AI)
The vulnerability resides in SQL query construction within the /system/role/export endpoint of Deer WMS 2, a role-based access control management module. The root cause is improper input validation and parameterization of the params[dataScope] argument, classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), which encompasses SQL injection flaws. The affected product is identified via CPE cpe:2.3:a:deerwms:deer-wms-2:*:*:*:*:*:*:*:*, indicating the vulnerability affects multiple minor versions of the 3.x release line up through 3.3. The attack vector is network-based (AV:N), exploitable without special conditions (AC:L, AT:N), but requires valid user credentials (PR:L), limiting the threat model to authenticated internal or compromised users.
Remediation (AI)
Upgrade Deer WMS 2 to a version newer than 3.3 once available from the vendor; no specific patched version is confirmed in the references provided. As an immediate workaround, restrict network access to the /system/role/export endpoint using a WAF or reverse proxy, blocking requests with suspicious SQL keywords or special characters in the params[dataScope] parameter (trade-off: may require whitelisting legitimate values, complicating role export workflows). Alternatively, enforce strong authentication and audit logs on role-export operations to detect exploitation attempts. Contact the Deer WMS 2 development team via the Gitee repository (https://gitee.com/deerwms/deer-wms-2) for an explicit patch release timeline and interim security guidance.
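The allowlist form of the workaround above, as an added example (not code from the vendor or from this advisory): a filter a reverse-proxy hook or log-review job could apply to requests for /system/role/export. It assumes the application is served without a context-path prefix and that legitimate clients send params[dataScope] empty or not at all; `ALLOWED_VALUES`, `check_request` and `datascope_values` are hypothetical names.

```python
from urllib.parse import parse_qsl, urlsplit

EXPORT_PATH = "/system/role/export"   # endpoint named in the advisory
PARAM = "params[dataScope]"           # parameter named in the advisory
# Assumption: the only value legitimate clients send is the empty string.
# Extend this set if your deployment's role export needs other values.
ALLOWED_VALUES = {""}


def datascope_values(encoded):
    """Return every value of params[dataScope] in a URL-encoded string.

    parse_qsl percent-decodes keys and values, so the encoded key
    params%5BdataScope%5D is matched, and repeated keys are all returned.
    """
    pairs = parse_qsl(encoded, keep_blank_values=True)
    return [value for key, value in pairs if key == PARAM]


def check_request(url, body=""):
    """Return ("allow" | "block", reason) for one request line and form body."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != EXPORT_PATH:
        return ("allow", "other endpoint")
    # The parameter may arrive in the query string, the form body, or both.
    values = datascope_values(parts.query) + datascope_values(body)
    bad = [v for v in values if v not in ALLOWED_VALUES]
    if bad:
        return ("block", f"{PARAM} outside allowlist ({len(bad)} value(s))")
    return ("allow", "no disallowed value")


# Constructed sample requests (url, form body); not captured traffic.
SAMPLES = [
    ("/system/role/export", "roleName=admin"),
    ("/system/role/export", "params%5BdataScope%5D="),
    ("/system/role/export", "params%5BdataScope%5D=PLACEHOLDER_UNEXPECTED_VALUE"),
    ("/system/role/export?params[dataScope]=x", ""),
    ("/system/role/list", "params%5BdataScope%5D=x"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, repr(body), "->", check_request(url, body))
```

Matching on an allowlist rather than on SQL keywords avoids the bypass and false-positive problems of keyword filters; a "block" decision can equally be logged as an alert when the filter runs over audit logs instead of live traffic.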