CVE-2025-67829 in Mura
Summary
by MITRE • 03/18/2026
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection.
Analysis
by VulDB Data Team • 03/24/2026
The vulnerability identified as CVE-2025-67829 affects Mura CMS versions prior to 10.1.14 and represents a critical SQL injection flaw within the beanFeed.cfc component's getQuery method. This vulnerability specifically manifests when processing the sortDirection parameter, which is improperly sanitized before being incorporated into database queries. The flaw resides in the application's handling of user-supplied input that directly influences SQL query construction, creating an avenue for malicious actors to execute arbitrary database commands. The affected component beanFeed.cfc serves as a core element for data retrieval and feed generation within the Mura platform, making this vulnerability particularly dangerous as it could be exploited to access sensitive information stored in the underlying database.
The vulnerability follows a classic SQL injection pattern: the sortDirection parameter is concatenated directly into SQL query strings without proper input validation or parameterization. When an attacker submits malicious input through this parameter, the application fails to sanitize or escape it before using it in database operations. This allows manipulation of the intended SQL query structure, potentially enabling data exfiltration, unauthorized access to administrative functions, or complete database compromise. The vulnerability aligns with CWE-89, which covers improper neutralization of special elements used in SQL commands, and represents a direct violation of secure coding practices that mandate parameterized queries for all database interactions. Attackers could leverage this weakness to perform union-based attacks, error-based exploitation, or blind SQL injection techniques, depending on the database backend and error handling configuration.
The operational impact of this vulnerability extends beyond simple data theft to encompass potential system compromise and business disruption. Given that Mura CMS is widely used for enterprise content management, exploitation of this flaw could result in unauthorized access to sensitive corporate data, user credentials, or proprietary information. The vulnerability's presence in the beanFeed.cfc component suggests that it may affect multiple application functionalities that rely on data feeds and query operations, potentially providing attackers with a foothold for further reconnaissance and lateral movement within the affected environment. Organizations using vulnerable versions of Mura CMS face significant risk of data breaches, regulatory compliance violations, and reputational damage. The vulnerability also creates opportunities for attackers to escalate privileges and potentially gain administrative control over the CMS platform, which could lead to complete system compromise and persistent backdoor access.
Mitigation strategies for CVE-2025-67829 should prioritize immediately upgrading to Mura CMS version 10.1.14 or later, which includes proper input sanitization and parameterization of database queries. Organizations should implement comprehensive input validation measures that reject or sanitize all user-supplied data before processing, particularly focusing on SQL reserved words and special characters. Network segmentation and access controls should be enforced to limit exposure of the affected application components, while database query monitoring and intrusion detection systems should be deployed to identify potential exploitation attempts. Security teams should conduct thorough vulnerability assessments of all Mura installations and related components to identify potential similar vulnerabilities. The remediation process should also include implementing proper application logging and monitoring to detect anomalous query patterns that may indicate exploitation attempts, and establishing incident response procedures specifically tailored to handle SQL injection attacks. Organizations should also consider deploying web application firewalls and input filtering mechanisms as further defensive layers against this class of vulnerability.
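The input validation described above, applied to a sort-direction value, as an added example that is not Mura's code and not part of the advisory: a sort keyword cannot be passed as a bind parameter, so the value is mapped to a fixed allowlist while ordinary values stay bound. Python with sqlite3 is used for illustration only; the `content` table, its columns and all function names are hypothetical.

```python
import sqlite3

ALLOWED_DIRECTIONS = {"ASC", "DESC"}     # the only keywords ORDER BY needs here
ALLOWED_COLUMNS = {"title", "created"}   # hypothetical sortable columns


def normalize_direction(raw):
    """Map untrusted input to a fixed keyword; reject anything else."""
    candidate = (raw or "").strip().upper()
    if candidate not in ALLOWED_DIRECTIONS:
        raise ValueError("invalid sort direction")
    return candidate


def direction_can_be_bound(conn):
    """Check whether a bind parameter can stand in for ASC/DESC."""
    try:
        conn.execute("SELECT title FROM content ORDER BY title ?", ("DESC",))
    except sqlite3.OperationalError:
        return False  # the statement fails to parse: keywords are not values
    return True


def get_feed(conn, site_id, sort_by, sort_direction):
    """Hardened query: values are bound, keywords come from allowlists."""
    if sort_by not in ALLOWED_COLUMNS:
        raise ValueError("invalid sort column")
    direction = normalize_direction(sort_direction)
    # Only allowlisted literals reach the SQL text; site_id is a bound value.
    sql = ("SELECT title FROM content WHERE site_id = ? "
           f"ORDER BY {sort_by} {direction}")
    return [row[0] for row in conn.execute(sql, (site_id,))]


def demo_db():
    """Constructed in-memory sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (site_id TEXT, title TEXT, created TEXT)")
    conn.executemany(
        "INSERT INTO content VALUES (?, ?, ?)",
        [("default", "alpha", "2026-01-01"), ("default", "bravo", "2026-01-02"),
         ("other", "zulu", "2026-01-03")],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(direction_can_be_bound(db))
    print(get_feed(db, "default", "title", " desc "))
```

Rejecting unknown values, rather than silently defaulting, also gives application logs a clear signal when a request carries anything other than a sort keyword.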