PatchSiren cyber security CVE debrief
CVE-2025-70397 jizhicms CVE debrief
A PatchSiren debrief for CVE-2025-70397 indicates jizhicms 2.5.6 is vulnerable to SQL Injection. This issue exists in the Article/deleteAll and Extmolds/deleteAll endpoints via the data parameter. The vulnerability has a CVSS score of 7.2 and is classified as HIGH. The CVE record was published on 2026-02-17T16:20:25.467Z and last modified on 2026-07-05T02:17:39.107Z. The NVD entry is currently Modified. System administrators and security professionals responsible for jizhicms installations should be aware of this vulnerability. Given the HIGH severity and potential for SQL injection attacks, immediate attention is required to assess and mitigate risk. The vulnerability allows attackers to execute arbitrary SQL queries, potentially leading to data breaches, system compromise, or other malicious activities.
- Vendor
- jizhicms
- Product
- jizhicms
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-17
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-02-17
- Advisory updated
- 2026-07-05
Who should care
System administrators and security professionals responsible for jizhicms installations should be aware of this vulnerability. Given the HIGH severity and potential for SQL injection attacks, immediate attention is required to assess and mitigate risk.
Technical summary
CVE-2025-70397 is a SQL injection vulnerability in jizhicms version 2.5.6. The vulnerability affects the Article/deleteAll and Extmolds/deleteAll endpoints, specifically through the data parameter. This allows attackers to execute arbitrary SQL queries, potentially leading to data breaches, system compromise, or other malicious activities. The CVSS:3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a High severity score of 7.2.
Defensive priority
High
Recommended defensive actions
- Inventory and assess jizhicms installations for version 2.5.6
- Apply vendor patches or updates if available
- Implement compensating controls such as web application firewalls (WAFs) to detect and prevent SQL injection attempts
- Monitor for suspicious database activity
- Consider upgrading to a newer version of jizhicms if available
Evidence notes
The CVE record was published on 2026-02-17T16:20:25.467Z and last modified on 2026-07-05T02:17:39.107Z. The NVD entry is currently Modified. The vulnerability details are based on information from official sources, including the CVE.org record and NVD detail page.
Official resources
-
CVE-2025-70397 CVE record
CVE.org
-
CVE-2025-70397 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-17T16:20:25.467Z and has not been modified since then. The NVD entry is currently Modified.