{"id":31620,"date":"2025-04-26T03:25:36","date_gmt":"2025-04-26T03:25:36","guid":{"rendered":""},"modified":"2025-09-16T12:32:25","modified_gmt":"2025-09-16T18:32:25","slug":"cve-2025-30003-high-severity-sql-injection-vulnerability-in-telecontrol-server-basic","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-30003-high-severity-sql-injection-vulnerability-in-telecontrol-server-basic\/","title":{"rendered":"CVE-2025-30003: High Severity SQL Injection Vulnerability in TeleControl Server Basic<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

We are discussing a high severity SQL injection vulnerability identified as CVE-2025-30003, which affects all versions of TeleControl Server Basic prior to V3.1.2.2. This vulnerability is significant as it allows an authenticated remote attacker to bypass authorization controls, thus enabling them to read and write to the application’s database. This constitutes a significant security risk, as it can potentially enable system<\/a> compromise or data leakage.
\nThe vulnerability is of particular concern to organizations that use TeleControl Server<\/a> Basic for their operations as it exposes their systems to potential cyber attacks. The vulnerability is exploitable through the internally used ‘UpdateProjectConnections’ method and requires the attacker to have access to port 8000 on a system where a vulnerable version of the application is executed<\/a> on.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-30003
\nSeverity: High – 8.8 (CVSS score)
\nAttack Vector: Network
\nPrivileges Required: Low (Authenticated user<\/a>)
\nUser Interaction: Required
\nImpact: System Compromise, Data Leakage<\/a><\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n