CVE-2025-7888 | TDuckCloud tduck-platform 5.1 UserFormDataMapper.java UserFormDataMapper formKey sql injection

A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection.

The identification of this vulnerability is CVE-2025-7888. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More