CVE-2025-51667

An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations.

Published: Aug 27, 2025
Updated: Aug 28, 2025
CVE: CVE-2025-51667
GHSA: GHSA-f2m2-4q6r-cwc4
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
github.com/suyuan32/simple-admin-core	1.2.0	1.6.8

https://gist.github.com/66Giraffe66/fc258f7fcc65a6a1a1a01e217977b92d
https://github.com/suyuan32/simple-admin-core/commit/f1e2c4f3c55cd5953ad7f7b0706df48adaaeb18a
https://github.com/suyuan32/simple-admin-core/issues/333

Vulnerability Database

CVE-2025-51667