CVE-2025-3751 - Vulnerability Details - OpenCVE

The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-activematrix-businessworks-cve-2025-3751-r221/

History

Wed, 21 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 21 May 2025 18:30:00 +0000

Type	Values Removed	Values Added
Description		The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information
Title		TIBCO ActiveMatrix BusinessWorks SQL Injection Vulnerability
Weaknesses		CWE-89
References		https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-activematrix-businessworks-cve-2025-3751-r221/
Metrics		cvssV4_0 `{'score': 7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2025-05-21T18:12:59.133Z

Updated: 2025-05-21T19:47:52.175Z

Reserved: 2025-04-16T21:17:10.801Z

Link: CVE-2025-3751

Vulnrichment

Updated: 2025-05-21T19:47:46.880Z

NVD

Status : Awaiting Analysis

Published: 2025-05-21T19:16:08.590

Modified: 2025-05-21T20:24:58.133

Link: CVE-2025-3751

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3751", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "state": "PUBLISHED", "assignerShortName": "tibco", "dateReserved": "2025-04-16T21:17:10.801Z", "datePublished": "2025-05-21T18:12:59.133Z", "dateUpdated": "2025-05-21T19:47:52.175Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["TIBCO Administrator"], "product": "TIBCO ActiveMatrix BusinessWorks", "vendor": "TIBCO Software Inc", "versions": [{"lessThan": "HF-01", "status": "affected", "version": "5.16.1", "versionType": "Patch"}]}], "datePublic": "2025-05-13T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information</span><br>"}], "value": "The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2025-05-21T18:12:59.133Z"}, "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-activematrix-businessworks-cve-2025-3751-r221/"}], "source": {"discovery": "UNKNOWN"}, "title": "TIBCO ActiveMatrix BusinessWorks SQL Injection Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-21T19:47:30.311785Z", "id": "CVE-2025-3751", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T19:47:52.175Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3751", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "state": "PUBLISHED", "assignerShortName": "tibco", "dateReserved": "2025-04-16T21:17:10.801Z", "datePublished": "2025-05-21T18:12:59.133Z", "dateUpdated": "2025-05-21T19:47:52.175Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["TIBCO Administrator"], "product": "TIBCO ActiveMatrix BusinessWorks", "vendor": "TIBCO Software Inc", "versions": [{"lessThan": "HF-01", "status": "affected", "version": "5.16.1", "versionType": "Patch"}]}], "datePublic": "2025-05-13T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information</span><br>"}], "value": "The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2025-05-21T18:12:59.133Z"}, "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-activematrix-businessworks-cve-2025-3751-r221/"}], "source": {"discovery": "UNKNOWN"}, "title": "TIBCO ActiveMatrix BusinessWorks SQL Injection Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3751", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-21T19:47:30.311785Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T19:47:46.880Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information"}], "id": "CVE-2025-3751", "lastModified": "2025-05-21T20:24:58.133", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2025-05-21T19:16:08.590", "references": [{"source": "security@tibco.com", "url": "https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-activematrix-businessworks-cve-2025-3751-r221/"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@tibco.com", "type": "Secondary"}]}