{"id":32888,"date":"2025-04-28T05:43:08","date_gmt":"2025-04-28T05:43:08","guid":{"rendered":""},"modified":"2025-05-12T12:19:36","modified_gmt":"2025-05-12T12:19:36","slug":"cve-2025-32856-high-risk-sql-injection-vulnerability-in-telecontrol-server-basic","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-32856-high-risk-sql-injection-vulnerability-in-telecontrol-server-basic\/","title":{"rendered":"CVE-2025-32856: High-Risk SQL Injection Vulnerability in TeleControl Server Basic<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

A new high-risk vulnerability, CVE-2025-32856, has been identified in TeleControl Server Basic, a widely used industrial control system. This vulnerability poses a significant risk to businesses using versions prior to V3.1.2.2. It can potentially allow an authenticated remote attacker to manipulate the application’s database, bypassing authorization controls, and even execute code<\/a>. This can lead to severe consequences, such as system compromise or data leakage<\/a>.
\nThis vulnerability is especially concerning because of its high severity<\/a> score (8.8), signifying that exploited systems could suffer significant impact. Companies using the affected versions of TeleControl Server Basic<\/a> are strongly advised to patch their systems or apply mitigation strategies as soon as possible.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-32856
\nSeverity: High, CVSS score of 8.8
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: Potentially complete system compromise, data leakage, and unauthorized code execution<\/a><\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n