CVE-2025-11909 in Streamax Crocus
Summary
by MITRE • 10/17/2025
A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Manipulation of the argument orderField can lead to SQL injection. The attack may be performed remotely. The exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 10/31/2025
The vulnerability identified in Shenzhen Ruiming Technology Streamax Crocus version 1.3.40 is a critical SQL injection weakness in the RepairRecord.do web application component. It affects the queryLast function behind the /RepairRecord.do?Action=QueryLast endpoint, where the application fails to properly sanitize user input parameters. The flaw is triggered when an attacker manipulates the orderField argument, which is incorporated directly into SQL query construction without adequate validation or parameterization. This is a classic SQL injection vector that allows malicious actors to inject arbitrary SQL commands into the database layer, potentially compromising the entire backend infrastructure.
The vulnerability stems from improper input validation in the web application's backend processing logic. When the orderField parameter is passed to the queryLast function, the application builds the SQL query by concatenating the user-supplied value directly into the statement rather than using parameterized queries or prepared statements. This design flaw corresponds to CWE-89, which covers SQL injection resulting from insufficient input validation and improper SQL query construction. Because the flaw is remotely exploitable, attackers can reach it from external networks without physical access to the system, which makes it particularly dangerous for production environments.
The operational impact of this vulnerability extends beyond simple data theft or manipulation and may enable full system compromise through database-level attacks. An attacker could exploit this weakness to extract sensitive information from the database, modify or delete critical records, or even escalate privileges to gain administrative access to the underlying database system. The public availability of an exploit significantly increases the risk, because it removes the need for advanced technical skills to use this vulnerability. The vendor's lack of response to early disclosure attempts creates additional operational concerns, leaving users without official patches or mitigation guidance during the vulnerability's active exploitation period.
Organizations using this software should immediately implement defensive measures: network segmentation to limit access to the vulnerable endpoint, web application firewalls to detect and block malicious SQL injection attempts, and monitoring of database logs for suspicious activity. The recommended mitigation strategy involves patching the application to version 1.3.41 or later, which should address the improper input validation by implementing proper parameterized queries and input sanitization. Additionally, security teams should conduct comprehensive vulnerability assessments of all web applications to identify similar input validation weaknesses, particularly in endpoints handling user-supplied parameters. The ATT&CK framework categorizes this type of vulnerability under T1190 - Exploit Public-Facing Application, emphasizing the importance of proper input validation and secure coding practices to prevent such attacks. Organizations should also consider deploying database activity monitoring solutions to detect potential exploitation attempts and establish incident response procedures to address potential breaches resulting from this vulnerability.
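The following is an added example, not code from Streamax or from the original advisory. It shows why a sort key such as orderField needs an allowlist rather than a bound parameter. SQLite stands in for the product's database, which the page does not name; the table, its columns and the accepted orderField values are hypothetical.

```python
import sqlite3

# Assumed mapping from accepted orderField values to real column names.
# Table and columns are hypothetical; the product's schema is not on the page.
SORTABLE = {"id": "id", "plate": "plate", "repairDate": "repair_date"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db():
    """In-memory SQLite table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE repair_record (id INTEGER, plate TEXT, repair_date TEXT)")
    rows = [(1, "B-300", "2025-03-01"), (2, "A-100", "2025-01-15"), (3, "C-200", "2025-02-10")]
    db.executemany("INSERT INTO repair_record VALUES (?, ?, ?)", rows)
    return db


def query_bound(db, order_field):
    """Binding the sort key is not a fix: the placeholder is a string constant,
    so every row has the same sort value and the requested order is ignored."""
    cur = db.execute("SELECT id FROM repair_record ORDER BY ?", (order_field,))
    return [r[0] for r in cur]


def query_allowlisted(db, order_field, direction="asc"):
    """Resolve the request value to a fixed identifier before building SQL.
    Only strings taken from the dictionaries above ever reach the statement."""
    try:
        column = SORTABLE[order_field]
        order = DIRECTIONS[direction.lower()]
    except KeyError:
        raise ValueError("unsupported sort request") from None
    cur = db.execute(f"SELECT id FROM repair_record ORDER BY {column} {order}")
    return [r[0] for r in cur]


if __name__ == "__main__":
    db = make_db()
    print(query_bound(db, "plate"))                     # order does not follow the request
    print(query_allowlisted(db, "plate"))               # sorted by plate
    print(query_allowlisted(db, "repairDate", "desc"))  # newest repair first
    try:
        query_allowlisted(db, "not_a_column")
    except ValueError as exc:
        print("rejected:", exc)
```

Values in the WHERE clause of the same query can still be bound as ordinary parameters; only identifiers and keywords need the lookup.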