{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67829", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-19T14:01:44.039Z", "dateReserved": "2025-12-12T00:00:00.000Z", "datePublished": "2026-03-18T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-18T15:59:52.275Z"}, "descriptions": [{"lang": "en", "value": "Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://docs.murasoftware.com/v10/release-notes/#section-version-1014"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T13:58:22.570272Z", "id": "CVE-2025-67829", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T14:01:44.039Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67829", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-19T13:58:22.570272Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T14:01:04.516Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://docs.murasoftware.com/v10/release-notes/#section-version-1014"}], "descriptions": [{"lang": "en", "value": "Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-18T15:59:52.275Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67829", "state": "PUBLISHED", "dateUpdated": "2026-03-19T14:01:44.039Z", "dateReserved": "2025-12-12T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-18T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:murasoftware:mura_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8B87F3E-F3CD-442F-90DC-85BF9480F02A", "versionEndExcluding": "10.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection."}], "id": "CVE-2025-67829", "lastModified": "2026-03-20T18:08:44.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-18T16:16:24.190", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://docs.murasoftware.com/v10/release-notes/#section-version-1014"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.1.14)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 89.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "mura_cms", "vendor": "murasoftware"}], "analysis": {"en": {"generated_at": "2026-03-20T20:51:25.741387+00:00", "value": {"mitigation_remediation": ["Upgrade Mura CMS to version 10.1.14 or later"], "summary": {"action": "Patch", "impact": "SQL Injection via Unparameterized Sort Direction"}, "threat_synthesis": {"affected_systems": "The issue impacts all installations of Mura CMS older than version 10.1.14, irrespective of the operating system or web server. Any environment that exposes the beanFeed.cfc endpoint over HTTP or HTTPS is vulnerable, so administrators should check the CMS version and confirm whether they are on a vulnerable release.", "description_and_impact": "Mura CMS version 10.1.13 and earlier implement a beanFeed.cfc component that constructs an SQL query using a client\u2011supplied sortDirection value without parameterization. This flaw permits an unauthenticated remote attacker to inject arbitrary SQL into the ORDER BY clause, which can lead to data exfiltration, modification, or deletion from the underlying database. The vulnerability corresponds to CWE\u201189, improper neutralization of special elements used in an SQL command.", "risk_and_exploitability": "With a CVSS score of 9.8, the vulnerability is considered critical, granting full database access. The EPSS score is below 1%, indicating a low probability of recent exploitation, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires only that an attacker sends a crafted HTTP request containing a malicious sortDirection parameter to the beanFeed.cfc endpoint; no authentication or privileged credentials are needed."}}}}, "created": "2026-03-19T08:57:06.937752+00:00", "title": "SQL Injection via Unparameterized Sort Direction in Mura CMS beanFeed.cfc", "updated": "2026-03-24T10:54:08.135875+00:00", "vendors": ["murasoftware", "murasoftware$PRODUCT$mura_cms"]}