{"id":32178,"date":"2025-04-26T18:30:48","date_gmt":"2025-04-26T18:30:48","guid":{"rendered":""},"modified":"2025-05-14T11:03:47","modified_gmt":"2025-05-14T11:03:47","slug":"cve-2025-32824-critical-sql-injection-vulnerability-in-telecontrol-server-basic","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-32824-critical-sql-injection-vulnerability-in-telecontrol-server-basic\/","title":{"rendered":"CVE-2025-32824: Critical SQL Injection Vulnerability in TeleControl Server Basic<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity landscape is ever-evolving, and our focus today is on a critical vulnerability identified in TeleControl Server Basic, a widely used application in the IT industry. Identified as CVE-2025-32824, this vulnerability poses a significant threat to organizations that have not updated their systems to the latest version (V3.1.2.2).
\nThe exploit gives attackers the ability to bypass authorization controls, read and write to the application’s database, and execute code<\/a> with NT AUTHORITYNetworkService permissions. The issue lies within the internally used ‘UnlockProject’ method, which is susceptible to SQL injection<\/a> attacks. Given the potential for system<\/a> compromise and data leakage, it’s crucial that organizations understand and act upon this threat accordingly.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-32824
\nSeverity: Critical (8.8 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n