PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-70397 jizhicms CVE debrief

A PatchSiren debrief for CVE-2025-70397 indicates jizhicms 2.5.6 is vulnerable to SQL Injection. This issue exists in the Article/deleteAll and Extmolds/deleteAll endpoints via the data parameter. The vulnerability has a CVSS score of 7.2 and is classified as HIGH. The CVE record was published on 2026-02-17T16:20:25.467Z and last modified on 2026-07-05T02:17:39.107Z. The NVD entry is currently Modified. System administrators and security professionals responsible for jizhicms installations should be aware of this vulnerability. Given the HIGH severity and potential for SQL injection attacks, immediate attention is required to assess and mitigate risk. The vulnerability allows attackers to execute arbitrary SQL queries, potentially leading to data breaches, system compromise, or other malicious activities.

Vendor
jizhicms
Product
jizhicms
CVSS
HIGH 7.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-17
Original CVE updated
2026-07-05
Advisory published
2026-02-17
Advisory updated
2026-07-05

Who should care

System administrators and security professionals responsible for jizhicms installations should be aware of this vulnerability. Given the HIGH severity and potential for SQL injection attacks, immediate attention is required to assess and mitigate risk.

Technical summary

CVE-2025-70397 is a SQL injection vulnerability in jizhicms version 2.5.6. The vulnerability affects the Article/deleteAll and Extmolds/deleteAll endpoints, specifically through the data parameter. This allows attackers to execute arbitrary SQL queries, potentially leading to data breaches, system compromise, or other malicious activities. The CVSS:3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating a High severity score of 7.2.

Defensive priority

High

Recommended defensive actions

  • Inventory and assess jizhicms installations for version 2.5.6
  • Apply vendor patches or updates if available
  • Implement compensating controls such as web application firewalls (WAFs) to detect and prevent SQL injection attempts
  • Monitor for suspicious database activity
  • Consider upgrading to a newer version of jizhicms if available

Evidence notes

The CVE record was published on 2026-02-17T16:20:25.467Z and last modified on 2026-07-05T02:17:39.107Z. The NVD entry is currently Modified. The vulnerability details are based on information from official sources, including the CVE.org record and NVD detail page.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-17T16:20:25.467Z and has not been modified since then. The NVD entry is currently Modified.