{"id":30077,"date":"2025-04-23T20:59:03","date_gmt":"2025-04-23T20:59:03","guid":{"rendered":""},"modified":"2025-06-23T23:24:06","modified_gmt":"2025-06-24T05:24:06","slug":"cve-2025-27539-sql-injection-vulnerability-in-telecontrol-server-basic","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-27539-sql-injection-vulnerability-in-telecontrol-server-basic\/","title":{"rendered":"CVE-2025-27539: SQL Injection Vulnerability in TeleControl Server Basic<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity landscape is under constant threat from various vulnerabilities. One such vulnerability that poses a significant risk to the security of computer systems is CVE-2025-27539. This vulnerability affects all versions of TeleControl Server<\/a> Basic below version V3.1.2.2. This vulnerability is particularly concerning because it enables an unauthenticated remote attacker to bypass authorization controls, read from, and write to the application’s database and execute code<\/a> with “NT AUTHORITYNetworkService” permissions.
\nGiven the widespread use of TeleControl Server Basic across various organizations, this vulnerability, if exploited, could potentially lead<\/a> to a system compromise or data leakage. Therefore, understanding the nature of this vulnerability, how it works, and the steps that can be taken to mitigate it is essential for all cybersecurity<\/a> professionals and system administrators.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-27539
\nSeverity: Critical (9.8 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise, data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n