CVE-2025-8311 in Cloud Servicesinfo

Summary

by MITRE • 09/04/2025

dotCMS versions 24.03.22 and after, identified a Boolean-based blind SQLi vulnerability in the /api/v1/contenttype endpoint. This endpoint uses the sites query parameter, which accepts a comma-separated list of site identifiers or keys.

The vulnerability was triggered via the sites parameter, which was directly concatenated into a SQL query without proper sanitization.

Exploitation allowed an authenticated attacker with low privileges to extract data from database, perform privilege escalation, or trigger denial-of-service conditions.

The vulnerability was verified using tools such as SQLMap and confirmed to allow full database exfiltration and potential denial-of-service conditions via crafted payloads.

The vulnerability is fixed in the following versions of dotCMS stack: 25.08.14 / 25.07.10-1v2 LTS / 24.12.27v10 LTS / 24.04.24v21 LTS

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 09/17/2025

The vulnerability CVE-2025-8311 represents a critical Boolean-based blind SQL injection flaw discovered in dotCMS content management platform versions 24.03.22 and later. This security weakness resides within the /api/v1/contenttype endpoint which processes the sites query parameter containing comma-separated site identifiers or keys. The flaw stems from improper input validation and sanitization where the sites parameter is directly concatenated into SQL queries without adequate protection mechanisms. Such implementation violates fundamental security principles and creates a pathway for malicious exploitation through crafted input sequences that manipulate the underlying database queries.

The technical exploitation of this vulnerability occurs through careful manipulation of the sites parameter to construct Boolean-based SQL injection payloads. When an authenticated attacker with minimal privileges submits malicious input through this parameter, the system processes the unvalidated data directly within the database query execution context. This allows for systematic data extraction through time-based or Boolean-based techniques where the attacker can infer database contents by observing application behavior responses. The vulnerability's impact extends beyond simple data theft to include potential privilege escalation opportunities and denial-of-service conditions that can severely compromise system availability and integrity.

From an operational perspective, this vulnerability poses significant risks to organizations relying on dotCMS platforms as it enables attackers to perform comprehensive database reconnaissance and exfiltration operations. The fact that exploitation can occur with low-privilege authenticated access makes this particularly dangerous in environments where user access controls may not be properly enforced. The confirmed capability for full database exfiltration through tools like SQLMap demonstrates the severity of the flaw and its potential to expose sensitive organizational data. Additionally, the vulnerability's ability to trigger denial-of-service conditions through crafted payloads can result in system unavailability and business disruption.

Security mitigations for CVE-2025-8311 require immediate implementation of proper input validation and parameterized query construction techniques to prevent direct SQL query concatenation. Organizations should upgrade to the fixed versions 25.08.14, 25.07.10-1v2 LTS, 24.12.27v10 LTS, or 24.04.24v21 LTS as recommended by the vendor. The vulnerability aligns with CWE-89 which specifically addresses SQL injection weaknesses in software applications and represents a clear violation of the principle of least privilege and secure coding practices. From an ATT&CK framework perspective, this vulnerability maps to T1071.004 (Application Layer Protocol: DNS) and T1566 (Phishing) as attackers may leverage this flaw to escalate privileges and move laterally within compromised systems, while also demonstrating the importance of input sanitization controls in preventing data exposure through injection attacks.

Responsible

dotCMS

Reservation

07/29/2025

Disclosure

09/04/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.01558

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!