CVE-2025-30002 in TeleControl Server Basic
Summary
by MITRE • 04/16/2025
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25909)
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 08/19/2025
The vulnerability CVE-2025-30002 represents a critical SQL injection flaw within TeleControl Server Basic versions prior to V3.1.2.2 that exposes the system to significant security risks. This vulnerability specifically affects the 'UpdateConnectionVariables' method which internally processes database operations, creating an attack surface where malicious input can be directly executed within the database context. The flaw stems from insufficient input validation and parameter sanitization within the application's database interaction layer, allowing crafted malicious payloads to manipulate database queries through the application's API endpoints.
The technical implementation of this vulnerability enables authenticated remote attackers to exploit the SQL injection flaw by leveraging the application's network interface on port 8000. The attack vector requires the adversary to establish a connection to the vulnerable service and utilize the exposed API methods that process user-supplied parameters. This creates a pathway for attackers to bypass standard authorization mechanisms and gain direct database access. The vulnerability's severity is amplified by the fact that successful exploitation results in code execution with elevated privileges, specifically "NT AUTHORITY\NetworkService" permissions which provides significant system access capabilities.
The operational impact of this vulnerability extends beyond simple data theft or modification as it fundamentally compromises the integrity and confidentiality of the affected system. Attackers can leverage this vulnerability to perform unauthorized database reads and writes, potentially accessing sensitive configuration data, user credentials, or operational information stored within the application's database. The execution of arbitrary code with network service privileges allows for further lateral movement within the network and can serve as a foothold for more extensive attacks. The vulnerability affects systems where the TeleControl Server Basic application is deployed, particularly those exposed to untrusted networks or with insufficient network segmentation.
Security controls and mitigation strategies should focus on immediate patch deployment to version 3.1.2.2 or later which addresses the SQL injection vulnerability through proper input validation and parameterized query implementation. Network-level defenses should include firewall rules that restrict access to port 8000 to only trusted sources and implement monitoring for suspicious database query patterns. The vulnerability aligns with CWE-89 which categorizes SQL injection flaws as critical database security issues, and maps to ATT&CK technique T1071.004 for application layer protocol manipulation. Organizations should also implement database activity monitoring, regular security assessments of application interfaces, and ensure proper network segmentation to limit the potential impact of such vulnerabilities. The remediation process should include comprehensive testing to verify that the patch does not introduce regressions in application functionality while ensuring all affected systems are updated across the enterprise environment.