Medium Published: Dec 15, 2025

CVE-2025-14694

4.7 CVSS Score Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Export CVE-2025-14694 Data:

Link copied!

Description

A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing manipulation of the argument keyWord results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability Low

Weaknesses (CWE)

CWE-74

References & External Links

https://github.com/c3p0ooo-Yiqiyin/JEPaaS-readAllPostil-SQL-Injection-Vulnerability/blob/main/README.md
https://vuldb.com/?ctiid.336412
https://vuldb.com/?id.336412
https://vuldb.com/?submit.707178

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker