How severe is CVE-2025-2112?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2025-2112?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2025-2112 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

A vulnerability was found in user-xiangpeng yaoqishan up to a47fec4a31cbd13698c592dfdc938c8824dd25e4. It has been declared as critical. Affected by this vulnerability is the function getMediaLisByFilter of the file cn/javaex/yaoqishan/service/media_info/MediaInfoService.java. The manipulation of the argument typeId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-2980

MEDIUM

CVSS:6.3(Medium)

The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-For...

CWE-742016

CVE-2017-18389

MEDIUM

CVSS:6.3(Medium)

cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).

CWE-742017

CVE-2017-20196

MEDIUM

CVSS:6.3(Medium)

A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argume...

CWE-742017

CVE-2018-25106

MEDIUM

CVSS:6.3(Medium)

A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy...

CWE-742018

CVE-2019-10792

MEDIUM

CVSS:6.3(Medium)

bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-742019

CVE-2019-10793

MEDIUM

CVSS:6.3(Medium)

dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-742019