CVE-2025-60357 in EPP Managementinfo

Summary

by MITRE • 07/17/2026

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/17/2026

The AhnLab EPP Management system version 1.0.14.32-6249 presents a critical security vulnerability through a NoSQL injection flaw in the eventlog/agentEvent/list endpoint. This vulnerability arises from insufficient input validation and sanitization within the web application's data processing pipeline, allowing malicious actors to inject arbitrary NoSQL commands into the backend database query interface. The affected endpoint processes incoming requests without proper parameter filtering, creating an attack surface where crafted payloads can manipulate the underlying MongoDB database structure directly.

This NoSQL injection vulnerability operates at the application layer and represents a direct violation of secure coding practices as outlined in CWE-94, which addresses code injection flaws. The flaw enables attackers to bypass authentication mechanisms, extract sensitive data from the database, modify or delete records, and potentially gain elevated privileges within the system. The specific endpoint design appears to accept user-supplied parameters that are directly incorporated into MongoDB query constructions without adequate sanitization or parameterized query usage.

The operational impact of this vulnerability extends beyond simple data exposure, as it can facilitate comprehensive system compromise and persistent access. Attackers could exploit this weakness to harvest configuration files containing database credentials, user authentication details, and system management information. The vulnerability's presence in a security management platform creates additional risk as it may allow adversaries to manipulate security event logs, potentially covering their tracks or disrupting legitimate security monitoring operations. According to ATT&CK framework category T1213, this represents a data access technique that could lead to further lateral movement within the network infrastructure.

Mitigation strategies should prioritize immediate patching of the affected software version and implementation of proper input validation mechanisms throughout the application stack. Organizations must enforce parameterized queries for all database interactions and implement web application firewalls to detect and block suspicious NoSQL injection attempts. Additional protective measures include restricting database user privileges, implementing comprehensive logging of database access patterns, and conducting regular security assessments of web applications. The vulnerability also highlights the importance of following secure development lifecycle practices as recommended by NIST SP 800-64, particularly in input validation and output encoding phases to prevent injection attacks at their source.

Responsible

MITRE

Reservation

09/26/2025

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!