{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70024", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-12T13:34:00.522Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-11T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-11T20:32:04.157Z"}, "descriptions": [{"lang": "en", "value": "An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/benkeen"}, {"url": "https://github.com/benkeen/generatedata"}, {"url": "https://gist.github.com/zcxlighthouse/4983275f71824ff47b9bdca9de7cb36a"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T13:32:50.876699Z", "id": "CVE-2025-70024", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T13:34:00.522Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-70024", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T13:32:50.876699Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T13:33:50.680Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/benkeen"}, {"url": "https://github.com/benkeen/generatedata"}, {"url": "https://gist.github.com/zcxlighthouse/4983275f71824ff47b9bdca9de7cb36a"}], "descriptions": [{"lang": "en", "value": "An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-11T20:32:04.157Z"}}}, "cveMetadata": {"cveId": "CVE-2025-70024", "state": "PUBLISHED", "dateUpdated": "2026-03-12T13:34:00.522Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-11T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14."}, {"lang": "es", "value": "Un problema relacionado con CWE-89: Neutralizaci\u00f3n Incorrecta de Elementos Especiales utilizados en un Comando SQL fue descubierto en benkeen generatedata 4.0.14."}], "id": "CVE-2025-70024", "lastModified": "2026-04-27T19:18:46.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-11T21:16:13.213", "references": [{"source": "cve@mitre.org", "url": "https://gist.github.com/zcxlighthouse/4983275f71824ff47b9bdca9de7cb36a"}, {"source": "cve@mitre.org", "url": "https://github.com/benkeen"}, {"source": "cve@mitre.org", "url": "https://github.com/benkeen/generatedata"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.0.14"}}], "enrichment": {"confidence": 85.0, "confidence_source": "inferred", "scores": [{"score": 85.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "generatedata", "vendor": "benkeen"}], "analysis": {"en": {"generated_at": "2026-03-17T15:01:49.218789+00:00", "value": {"mitigation_remediation": ["Check the Benkeen GitHub repository for a newer release that addresses this SQL injection vulnerability.", "If an updated version is available, upgrade Generatedata to that version immediately.", "If no patch exists, audit the code that builds SQL statements and replace string concatenation with prepared statements or parameterized queries.", "Implement strict input validation and sanitization on all user\u2011controlled parameters before use in SQL commands.", "Consider disabling or restricting any functionality that accepts raw SQL input from users."], "summary": {"action": "Immediate Patch", "impact": "SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected system is Benkeen Generatedata version 4.0.14. No other vendor or product versions have been identified in the CVE record.", "description_and_impact": "An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in Benkeen Generatedata 4.0.14. The vulnerability allows attackers to inject arbitrary SQL statements, potentially leading to unauthorized data access, modification, or deletion. This can compromise data confidentiality and integrity across the affected system.", "risk_and_exploitability": "The CVSS score of 9.8 classifies this flaw as critical. Despite a very low EPSS probability (<1%) and absence from the CISA KEV listing, the potential for exploitation remains significant if an attacker can supply unsanitized input to the application. The vulnerability likely requires user\u2011provided input to generate the vulnerable SQL command, and could be exposed through any publicly accessible endpoint that constructs SQL queries without proper parameterization."}}}}, "created": "2026-03-12T10:06:42.737073+00:00", "title": "SQL Injection in Benkeen Generatedata 4.0.14", "updated": "2026-03-20T14:33:45.834775+00:00", "vendors": ["benkeen", "benkeen$PRODUCT$generatedata"]}