{"id":32694,"date":"2025-04-27T18:39:18","date_gmt":"2025-04-27T18:39:18","guid":{"rendered":""},"modified":"2025-05-19T11:36:42","modified_gmt":"2025-05-19T11:36:42","slug":"cve-2025-32848-sql-injection-vulnerability-in-telecontrol-server-basic","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-32848-sql-injection-vulnerability-in-telecontrol-server-basic\/","title":{"rendered":"CVE-2025-32848: SQL Injection Vulnerability in TeleControl Server Basic<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

A critical security vulnerability, CVE-2025-32848, has been discovered in all versions of TeleControl Server Basic prior to V3.1.2.2. The vulnerability is a severe SQL injection flaw that could allow an attacker to bypass authorization controls, manipulate the application’s database, and potentially execute arbitrary code. This vulnerability is particularly concerning as it affects a wide range of systems and, if successfully exploited, could lead to system<\/a> compromise or data leakage.
\nThe vulnerability is critical<\/a> due to its potential to give an attacker access to sensitive data and system resources. As such, it is highly recommended that all organizations and individuals using the affected versions of TeleControl Server Basic<\/a> take immediate action to mitigate this risk.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-32848
\nSeverity: High (8.8 CVSS)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n