Vulnerabilities > CVE-2025-3382

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

NVD

Published: 2025-04-07

Updated: 2025-04-08

Summary

A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

References

https://github.com/exp3n5ive/Vul/blob/main/xiaozhi-sqli/xiaozhi-sqli.md
https://github.com/exp3n5ive/Vul/blob/main/xiaozhi-sqli/xiaozhi-sqli.md
https://vuldb.com/?ctiid.303628
https://vuldb.com/?id.303628
https://vuldb.com/?submit.552387

Vulnerabilities > CVE-2025-3382 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2025-3382"}]}

Summary

References

Vulnerabilities > CVE-2025-3382