CVE-2025-26852 — AI Deep Analysis Summary

🚨 **Essence**: SQL Injection in DESCOR INFOCAD. <br>💥 **Consequences**: Full system compromise. Attackers can steal, modify, or delete data. Critical integrity and availability risks.

🛡️ **Root Cause**: **CWE-89** (Improper Neutralization of Special Elements used in an SQL Command). <br>🔍 **Flaw**: Unsanitized user input directly executed in database queries.

🏢 **Vendor**: Descor. <br>📦 **Product**: INFOCAD FM (BIM & Facility Management). <br>📉 **Affected**: Versions **3.5.1 and earlier**.

🕵️ **Privileges**: High. <br>📂 **Data**: Full access to sensitive BIM and facility management data. <br>⚠️ **Impact**: Complete confidentiality, integrity, and availability loss (CVSS H).

🔓 **Threshold**: **LOW**. <br>🌐 **Network**: Attack Vector is Network (AV:N). <br>🔑 **Auth**: No Privileges Required (PR:N). <br>👀 **UI**: No User Interaction needed (UI:N).

📜 **Exploit**: Public references exist (Changelog). <br>🚫 **PoC**: No specific PoC code provided in data. <br>⚠️ **Risk**: Likely exploitable given CVSS 3.1/AV:N/AC:L.

🔍 **Check**: Scan for SQL injection patterns in web inputs. <br>🛠️ **Tool**: Use SQLMap or similar DAST tools on INFOCAD FM endpoints. <br>📋 **Verify**: Check installed version against 3.5.1.

🩹 **Fix**: Update to a version **newer than 3.5.1**. <br>📢 **Source**: Check Descor's official changelog for the patch. <br>✅ **Status**: Patch available via vendor update.

🚧 **Workaround**: Implement strict input validation. <br>🛡️ **Defense**: Use Web Application Firewall (WAF) rules to block SQL syntax. <br>🔒 **Limit**: Restrict network access to the application if possible.

🔥 **Urgency**: **CRITICAL**. <br>📅 **Priority**: Immediate action required. <br>🚀 **Reason**: High CVSS score, no auth needed, network-accessible. Patch ASAP.