{"id":72773,"date":"2025-09-08T03:13:15","date_gmt":"2025-09-08T03:13:15","guid":{"rendered":""},"modified":"2025-10-17T10:37:15","modified_gmt":"2025-10-17T16:37:15","slug":"cve-2025-57140-high-severity-sql-injection-vulnerability-in-rsbi-pom-4-7","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-57140-high-severity-sql-injection-vulnerability-in-rsbi-pom-4-7\/","title":{"rendered":"<strong>CVE-2025-57140: High Severity SQL Injection Vulnerability in rsbi-pom 4.7<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>Cybersecurity threats are continuously evolving, and one of the most recent vulnerabilities identified is CVE-2025-57140, affecting rsbi-pom 4.7. This vulnerability is of particular concern due to its high severity score and the potential for system compromise or data leakage. It opens the door for attackers to exploit <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30998-sql-injection-vulnerability-in-rico-macchi-wp-links-page\/\"  data-wpil-monitor-id=\"80499\">SQL Injection<\/a> in the \/bi\/service\/model\/DatasetService path. Anyone using rsbi-pom 4.7 should take immediate action to mitigate this severe <a href=\"https:\/\/www.ameeba.com\/blog\/introducing-the-ameeba-cybersecurity-group-chat\/\"  data-wpil-monitor-id=\"88524\">cybersecurity<\/a> risk.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-57140<br \/>\nSeverity: High (CVSS: 9.8)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-5997-privileged-api-misuse-leads-to-potential-system-compromise-in-beamsec-phishpro\/\"  data-wpil-monitor-id=\"80826\">Potential system compromise<\/a> or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-180268193\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>rsbi-pom | 4.7<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52823-sql-injection-vulnerability-in-cube-portfolio\/\"  data-wpil-monitor-id=\"80357\">vulnerability is a SQL Injection<\/a> flaw. It occurs when an application, in this case, rsbi-pom 4.7, does not properly sanitize user-supplied inputs before using them in SQL queries. As a result, attackers can <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-32640-critical-sql-injection-vulnerability-in-masa-cms\/\"  data-wpil-monitor-id=\"80501\">inject arbitrary SQL<\/a> code into the \/bi\/service\/model\/DatasetService path. The injected <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50177-code-execution-vulnerability-in-windows-message-queuing\/\"  data-wpil-monitor-id=\"80550\">code is executed<\/a> by the database engine, potentially leading to unauthorized read or write access to the database, system compromise, or even data leakage.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-2417085520\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Here&#8217;s a hypothetical example of how an attacker might exploit this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-8714-critical-postgresql-vulnerability-allowing-malicious-code-injection-by-superusers\/\"  data-wpil-monitor-id=\"80638\">vulnerability using a malicious<\/a> SQL statement in an HTTP request:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/bi\/service\/model\/DatasetService HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/json\n{\n&quot;dataset&quot;: &quot;users&quot;,\n&quot;filters&quot;: &quot;1=1; DROP TABLE users;&quot;\n}<\/code><\/pre>\n<p>In the code example above, the attacker is attempting to delete the &#8216;users&#8217; table from the database by <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54678-sql-injection-vulnerability-in-easy-form-builder\/\"  data-wpil-monitor-id=\"80502\">injecting a &#8216;DROP TABLE&#8217; SQL<\/a> statement.<\/p>\n<p><strong>Mitigation and Prevention<\/strong><\/p>\n<p>The most immediate <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30519-default-root-credentials-vulnerability-in-dover-fueling-solutions-progauge-maglink-lx4-devices\/\"  data-wpil-monitor-id=\"90217\">solution to this vulnerability<\/a> is to apply the vendor-supplied patch. If that is not immediately possible, a temporary mitigation would be to use a Web Application Firewall (WAF) or Intrusion Detection System (IDS) to block malicious inputs. Additionally, good security practices such as least privilege user access and regular software updates can further reduce the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-55293-high-risk-vulnerability-in-meshtastic-s-mesh-networking-solution\/\"  data-wpil-monitor-id=\"81328\">risk of this and similar vulnerabilities<\/a>.<br \/>\nTo conclude, the CVE-2025-57140 <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50594-critical-password-reset-vulnerability-in-danphe-health-hospital-management-system-emr-3-2\/\"  data-wpil-monitor-id=\"80445\">vulnerability is a serious threat to any system<\/a> running rsbi-pom 4.7. Users of the software should take immediate actions to apply the vendor patch or employ temporary mitigation measures.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview Cybersecurity threats are continuously evolving, and one of the most recent vulnerabilities identified is CVE-2025-57140, affecting rsbi-pom 4.7. This vulnerability is of particular concern due to its high severity score and the potential for system compromise or data leakage. It opens the door for attackers to exploit SQL Injection in the \/bi\/service\/model\/DatasetService path. Anyone [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[74],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-72773","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-sql-injection"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/72773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=72773"}],"version-history":[{"count":11,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/72773\/revisions"}],"predecessor-version":[{"id":83108,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/72773\/revisions\/83108"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=72773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=72773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=72773"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=72773"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=72773"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=72773"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=72773"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=72773"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=72773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}