{"id":31815,"date":"2025-04-26T06:26:45","date_gmt":"2025-04-26T06:26:45","guid":{"rendered":""},"modified":"2025-10-05T06:15:38","modified_gmt":"2025-10-05T12:15:38","slug":"cve-2025-30031-sql-injection-vulnerability-in-telecontrol-server-basic","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-30031-sql-injection-vulnerability-in-telecontrol-server-basic\/","title":{"rendered":"CVE-2025-30031: SQL Injection Vulnerability in TeleControl Server Basic<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In this post, we will delve into an SQL injection vulnerability tagged as CVE-2025-30031 that has been found in all versions of TeleControl Server Basic preceding V3.1.2.2. This vulnerability can potentially compromise the system and cause data leakage, as it allows an authenticated remote attacker to bypass authorization controls. Given the widespread use of the application in question, the vulnerability is a matter of concern for a large number<\/a> of users, making its understanding and mitigation of utmost importance.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-30031
\nSeverity: High (8.8 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: Bypass authorization controls, read and write to the application’s database, execute code<\/a> with “NT AUTHORITYNetworkService” permissions.<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n