Nimrod, SQL Injection, CVE-2025-3323 (Critical)

How CVE-2025-3323 Works

This vulnerability exists in `ViewMenuCategoryRestController.java` of Nimrod 0.8 due to improper sanitization of the `Name` parameter. Attackers can inject malicious SQL queries through this parameter, leading to unauthorized database access. The flaw occurs because user-supplied input is directly concatenated into SQL statements without proper escaping or prepared statements. Remote exploitation is possible, allowing attackers to exfiltrate, modify, or delete sensitive data. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L) confirms network-based attacks with low complexity and high impact on confidentiality, integrity, and availability.

DailyCVE Form

Platform: Nimrod
Version: 0.8
Vulnerability: SQL Injection
Severity: Critical
Date: 04/07/2025

What Undercode Says:

Exploitation

import requests
target = "http://victim.com/api/categories"
payload = "' OR 1=1; --"
response = requests.get(target, params={"Name": payload})
print(response.text)

Detection

SELECT * FROM audit_log WHERE query LIKE '%OR 1=1%';

Mitigation

1. Use prepared statements:

String query = "SELECT * FROM categories WHERE name = ?";
PreparedStatement stmt = connection.prepareStatement(query);
stmt.setString(1, userInput); // bound as data, never parsed as SQL
ResultSet rs = stmt.executeQuery();

2. Input validation:

if (!userInput.matches("[a-zA-Z0-9\\s]+")) { // \\s: the backslash must be escaped in a Java string literal
    throw new IllegalArgumentException("Invalid input");
}

3. WAF rules:

location /api/ {
    modsecurity on;
    modsecurity_rules 'SecRule ARGS "@detectSQLi" "id:1000,phase:2,deny,status:403"';
}

4. Patch upgrade:

wget https://patch.nimrod.dev/0.8.1-hotfix.tar.gz
tar -xzvf 0.8.1-hotfix.tar.gz
./apply_patch.sh
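As an added example (not Nimrod's code; the table, the query text and the log lines are constructed stand-ins, since the real query inside `ViewMenuCategoryRestController` is not shown here), the concatenated lookup described above beside the prepared-statement fix of step 1, the whitelist of step 2, and the Log Analysis grep patterns applied to URL-decoded request lines:

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed stand-in for Nimrod's category table; the real schema and the
# query inside ViewMenuCategoryRestController are assumed, not taken from the page.
ROWS = [(1, "Starters", 0), (2, "Mains", 0), (3, "Staff Only", 1)]
PAYLOAD = "' OR 1=1; --"   # the Name value used in the PoC above

# Constructed access-log lines (assumed format); the second carries the PoC
# value URL-encoded, which a raw grep for "OR 1=1" on the log would miss.
LOG = [
    '10.0.0.5 - - [07/Apr/2025:10:00:01 +0000] "GET /api/categories?Name=Mains HTTP/1.1" 200',
    '10.0.0.9 - - [07/Apr/2025:10:00:02 +0000] "GET /api/categories?Name=%27%20OR%201%3D1%3B%20-- HTTP/1.1" 200',
]
SQLI_LOG_RE = re.compile(r"OR\s+1=1|UNION|SELECT")  # same patterns as the grep below

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (id INTEGER, name TEXT, hidden INTEGER)")
    conn.executemany("INSERT INTO categories VALUES (?, ?, ?)", ROWS)
    return conn

def lookup_vulnerable(conn, name):
    # The flaw: Name is concatenated into the SQL text, so the quote in the
    # payload closes the literal, OR 1=1 matches every row (hidden ones
    # included) and -- comments out the remaining filter.
    sql = "SELECT name FROM categories WHERE name = '" + name + "' AND hidden = 0"
    return [row[0] for row in conn.execute(sql)]

def lookup_prepared(conn, name):
    # Mitigation 1: a bound parameter is sent as data, never parsed as SQL.
    sql = "SELECT name FROM categories WHERE name = ? AND hidden = 0"
    return [row[0] for row in conn.execute(sql, (name,))]

def name_is_valid(name):
    # Mitigation 2: allow only letters, digits and whitespace in Name.
    return re.fullmatch(r"[a-zA-Z0-9\s]+", name) is not None

def flag_access_log(lines):
    # Log Analysis: keep requests to the affected endpoint whose decoded
    # query string matches the injection patterns.
    return [ln for ln in lines
            if "/api/categories" in ln and SQLI_LOG_RE.search(unquote(ln))]
```

With the PoC value, `lookup_vulnerable` returns all three names including the hidden one, while `lookup_prepared` returns nothing because the whole string is compared as a literal category name.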

Analytics

  • Exploitability: High (public PoC available)
  • Affected Systems: All Nimrod 0.8 instances with REST API exposed
  • Data at Risk: Credentials, session tokens, PII
  • Attack Surface: HTTP GET/POST requests to `/api/categories`

Log Analysis

grep "ViewMenuCategoryRestController" /var/log/nimrod/access.log | grep -E "OR\s+1=1|UNION|SELECT"

Network Protection

iptables -A INPUT -p tcp --dport 8080 -m string --string "UNION SELECT" --algo bm -j DROP

Database Hardening

REVOKE DELETE, DROP ON *.* FROM 'nimrod_user'@'%';

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-3323
Extra Source Hub:
Undercode
