{"id":69784,"date":"2025-09-01T05:16:28","date_gmt":"2025-09-01T05:16:28","guid":{"rendered":""},"modified":"2025-10-21T05:20:48","modified_gmt":"2025-10-21T11:20:48","slug":"cve-2025-52085-sql-injection-vulnerability-in-yoosee-application","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-52085-sql-injection-vulnerability-in-yoosee-application\/","title":{"rendered":"CVE-2025-52085: SQL Injection Vulnerability in Yoosee Application<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-52085 is a critical SQL Injection vulnerability discovered in the Yoosee application version 6.32.4. This vulnerability poses a significant threat to organizations and individuals who use the Yoosee application, as it allows an authenticated attacker to inject arbitrary SQL queries via a request to a backend API endpoint.
\nThe implications of this vulnerability are severe<\/a>, as successful exploitation leads to the extraction of sensitive database information. This extracted data<\/a> can include the database server banner and version, the current database user and schema, the current DBMS user privileges, and arbitrary data from any table. Therefore, it is crucial for users and administrators of the Yoosee application to understand this vulnerability<\/a> and implement appropriate mitigation measures.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-52085
\nSeverity: High (8.8)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: Potential system<\/a> compromise and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n