CVE-2025-70397 in jizhiCMS
Summary
by MITRE • 02/17/2026
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
Analysis
by VulDB Data Team • 02/21/2026
The vulnerability identified as CVE-2025-70397 affects jizhicms version 2.5.6 and represents a critical SQL injection flaw that compromises the database integrity of affected systems. This vulnerability specifically manifests within the Article/deleteAll and Extmolds/deleteAll endpoints, where the application fails to properly sanitize user input passed through the data parameter. The weakness creates an exploitable condition where malicious actors can inject arbitrary SQL commands into the database query execution flow, potentially enabling unauthorized data access, modification, or destruction. The vulnerability stems from insufficient input validation and parameter sanitization mechanisms within the content management system's administrative interfaces.
The technical exploitation of this vulnerability occurs when an attacker crafts malicious input within the data parameter of the targeted endpoints. The application processes this input directly into SQL queries without proper escaping or parameterization, allowing attackers to manipulate the intended database operations. This flaw aligns with CWE-89, which categorizes SQL injection vulnerabilities as weaknesses in software that allow attackers to execute arbitrary SQL commands. The vulnerability can be classified under the ATT&CK technique T1190 - Proxy Execution, as it enables attackers to leverage the application's legitimate database access mechanisms to perform unauthorized operations. The attack vector specifically targets the application's administrative functionality, where the data parameter is processed through a vulnerable code path that lacks proper input sanitization.
The operational impact of CVE-2025-70397 extends beyond simple data theft to encompass complete database compromise and potential system takeover. Successful exploitation could allow attackers to extract sensitive information including user credentials, personal data, and system configurations from the jizhicms database. The vulnerability also enables attackers to modify or delete content, potentially causing service disruption and data corruption. In a broader context, this vulnerability could serve as a stepping stone for further attacks within the network, particularly if the compromised system has access to other internal resources. The vulnerability affects organizations using jizhicms 2.5.6 for content management, potentially exposing websites and web applications to unauthorized modifications and data breaches.
Mitigation strategies for CVE-2025-70397 should focus on immediate patching of the jizhicms application to version 2.5.7 or later, which contains the necessary fixes for the SQL injection vulnerability. Organizations should implement proper input validation and parameterized queries in all database interactions, ensuring that user-supplied data is properly escaped before being incorporated into SQL statements. Network segmentation and access controls should be enforced to limit administrative access to the affected endpoints, reducing the attack surface. Security monitoring should be enhanced to detect unusual database query patterns that might indicate exploitation attempts. Additionally, implementing web application firewalls and database activity monitoring solutions can help identify and block malicious SQL injection attempts. The vulnerability demonstrates the critical importance of maintaining up-to-date software components and following secure coding practices that prevent injection vulnerabilities, particularly in administrative interfaces where elevated privileges are granted.
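As an added illustration of the parameterized-query mitigation described above (not code from jizhicms or from this advisory), the following Python handler shows how a bulk-delete endpoint can strictly validate a comma-separated data parameter of record ids and bind each id through a placeholder instead of interpolating the raw string. The table, sample rows and function names are constructed for the example; the same pattern applies to PDO prepared statements in a PHP application.

```python
import re
import sqlite3
from typing import List

# Constructed sample schema standing in for a CMS article table.
SCHEMA = """
CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT NOT NULL);
INSERT INTO article (id, title) VALUES
    (1, 'first'), (2, 'second'), (3, 'third'), (4, 'fourth');
"""

# ASCII digits only: str.isdigit() would also accept Unicode digit glyphs.
ID_TOKEN = re.compile(r"[0-9]{1,18}")


def make_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def parse_ids(data: str, limit: int = 100) -> List[int]:
    """Turn the comma-separated `data` parameter into a list of positive ints.
    Any token that is not a plain decimal integer is rejected before the
    request gets anywhere near the database, and the list length is capped."""
    ids: List[int] = []
    for raw in data.split(","):
        token = raw.strip()
        if not ID_TOKEN.fullmatch(token):
            raise ValueError(f"invalid id token: {token!r}")
        ids.append(int(token))
    if not ids or len(ids) > limit:
        raise ValueError("id list empty or too long")
    return ids


def delete_all_safe(conn: sqlite3.Connection, data: str) -> int:
    """Hardened deleteAll: one '?' placeholder per validated id, values bound
    separately from the SQL text. Returns the number of rows deleted."""
    ids = parse_ids(data)
    placeholders = ",".join("?" * len(ids))
    cur = conn.execute(f"DELETE FROM article WHERE id IN ({placeholders})", ids)
    conn.commit()
    return cur.rowcount


def remaining_ids(conn: sqlite3.Connection) -> List[int]:
    """Helper for checking the table state after a delete."""
    return [row[0] for row in conn.execute("SELECT id FROM article ORDER BY id")]
```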