About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
Weaver E-cology is a business collaboration and office automation platform widely used in HR, finance, administration, and mobile workflows.
In June 2025, Weaver patched a high-severity SQL injection vulnerability in E-cology. An unauthenticated attacker who exploits it can bypass authentication and, on SQL Server backends, potentially gain full control of the target server. Organizations running affected versions should patch immediately.
Vulnerability Overview
Cause
The E-cology backend concatenates user-controlled input directly into SQL statement text instead of binding it as a parameter, with no effective validation in between. This is a classic SQL injection vulnerability.
If an attacker supplies a malicious payload, it may allow:
- Arbitrary SQL command execution
- Information disclosure
- On Microsoft SQL Server backends, remote code execution (RCE) via the Ole Automation Procedures feature (sp_OACreate and related stored procedures), potentially writing a web shell to the server. This feature is disabled by default in SQL Server and should stay disabled unless an application genuinely requires it; leaving it off limits an injection to data theft rather than code execution.
Severity
| Field | Info |
|---|---|
| CVE Status | Not assigned yet |
| Vulnerability Type | SQL Injection |
| Impact | High (potential RCE) |
| Attack Vector | Remote (no authentication required) |
| User Interaction | None |
| Affected Config | Default |
| Public Exploit | No POC/EXP released |
| Fix Complexity | Low (patch available) |
Affected Versions
- E-cology 9.x
- Specifically, builds earlier than v10.75; check the installed version against the vendor's download page rather than assuming a recent install is patched
Mitigation & Patch
Temporary Workaround
- Restrict external network access to the E-cology service (e.g., firewall allow-lists limited to trusted source addresses)
- Do not expose the system directly to the internet unless absolutely necessary
Official Patch
Weaver has released a patch package that supports both online upgrade and offline installation. Download here:
https://www.weaver.com.cn/cs/securityDownload.html?src=cn
Reproduction Status
The vulnerability has been successfully reproduced in the lab. Exploitation is possible under default configurations.
Product Detection Support
| Product | Support Status |
|---|---|
| YunTu | Fingerprint + POC detection |
| DongJian | Custom POC support ETA: 2025.6.17 |
| SafeLine | Built-in detection supported |
| QuanXi | Built-in detection supported |
Timeline
- June 17, 2025: Vulnerability publicly disclosed by Chaitin Security Response Center
Stay alert and patch early; this one's serious.