CVE-2025-29085
published 2025-04-02CVE-2025-29085: SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via…
PriorityP180critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
29.13%
97.9th percentile
SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by matching the error string 'java.sql.SQLException: XPATH syntax error: \'' in HTTP response bodies to the vulnerable endpoint. ↗
- →Monitor HTTP GET requests to /console/dashboard/executorCount with a zkClusterKey parameter containing SQL injection payloads, particularly those using extractvalue() and concat() functions with 0x0a hex encoding. ↗
- →The vulnerability is unauthenticated (PR:N), so no session/auth token is required — flag any unauthenticated requests to the executorCount endpoint with SQL metacharacters in zkClusterKey. ↗
- ·Vulnerability affects Vipshop Saturn Console version 3.5.1 and all prior versions; version 3.5.2+ is not affected. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component
osv·2025-04-02
CVE-2025-29085 [HIGH] Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component
SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.
GHSA
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component
ghsa·2025-04-02
CVE-2025-29085 [HIGH] CWE-89 Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component
Vipshop Saturn Console Vulnerable to SQL Injection via ClusterKey Component
SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.
VulnCheck
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2025·CVSS 9.8
CVE-2025-29085 [CRITICAL] Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.
Affected: vipshop Saturn
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2025-29085
No detection rules found.
Nuclei
Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component
nuclei·CVSS 9.8
CVE-2025-29085 [CRITICAL] Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component
Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component
SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.
Template:
id: CVE-2025-29085
info:
name: Vipshop Saturn Console <= 3.5.1 - SQL Injection via ClusterKey Component
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component.
impact: |
Unauthenticated attackers can execute arbitrary SQL queries through the zkClusterKey parameter, potentially extracting sensitive database information and compromising Satu
No writeups or analysis indexed.
2025-04-02
Published
Exploited in the wild