Skip to main content
CVE Vulnerability Database

CVE-2025-8705: Wanzhou WOES Energy System SQLi Flaw

CVE-2025-8705 is a critical SQL injection vulnerability in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 affecting the Energy Overview Module. This article covers the technical details, exploit information, and mitigation.

Published:

CVE-2025-8705 Overview

CVE-2025-8705 is a SQL injection vulnerability in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. The flaw affects the /WEAS_HomePage/GetTargetConfig endpoint within the Energy Overview Module. Attackers can manipulate the BP_ProID parameter to inject arbitrary SQL statements. The vulnerability is exploitable remotely and requires low-privileged authentication. Public disclosure of the exploit technique has occurred, increasing the risk of opportunistic abuse against exposed instances. The weakness is categorized under [CWE-74] Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection).

Critical Impact

Authenticated remote attackers can inject SQL queries through the BP_ProID parameter, potentially exposing or modifying data within the WOES backend database.

Affected Products

  • Wanzhou WOES Intelligent Optimization Energy Saving System 1.0
  • Energy Overview Module — /WEAS_HomePage/GetTargetConfig endpoint
  • Deployments exposing the affected endpoint to untrusted networks

Discovery Timeline

  • 2025-08-08 - CVE-2025-8705 published to NVD
  • 2026-04-29 - Last updated in NVD database

Technical Details for CVE-2025-8705

Vulnerability Analysis

The vulnerability resides in the GetTargetConfig handler exposed at /WEAS_HomePage/GetTargetConfig within the Energy Overview Module. The handler accepts a BP_ProID argument and incorporates it into a backend SQL query without proper neutralization. An authenticated attacker with low privileges can supply crafted input containing SQL metacharacters to alter query semantics. Successful exploitation can disclose stored configuration data, energy telemetry, and potentially user-related records. Depending on database permissions, attackers may also modify or delete records served by the application. The exploit technique has been publicly disclosed through VulDB and a GitHub issue tracker, lowering the barrier for adversarial reuse.

Root Cause

The root cause is the direct concatenation of the BP_ProID request parameter into a SQL query string. The application does not apply parameterized queries, prepared statements, or input validation before forwarding the value to the database driver. This pattern is a classic instance of [CWE-74] injection, in which untrusted input crosses a trust boundary into a downstream interpreter.

Attack Vector

The attack vector is network-based and requires the attacker to authenticate to the WOES web interface with low-privilege credentials. The attacker issues an HTTP request to /WEAS_HomePage/GetTargetConfig and supplies a malicious BP_ProID value containing SQL syntax such as boolean conditions, UNION clauses, or time-based payloads. The backend database executes the injected fragment as part of the original query. No user interaction is required beyond the attacker's own session.

No verified proof-of-concept code is published in authoritative vendor channels. Refer to the VulDB advisory #319134 and the GitHub issue tracker entry for technical context.

Detection Methods for CVE-2025-8705

Indicators of Compromise

  • HTTP requests to /WEAS_HomePage/GetTargetConfig containing SQL metacharacters such as single quotes, UNION, SLEEP(, --, or /* in the BP_ProID parameter
  • Database error messages or unusually long response times tied to requests against the GetTargetConfig endpoint
  • Repeated authenticated requests from a single source iterating BP_ProID values in short succession

Detection Strategies

  • Inspect web server and application logs for anomalous BP_ProID payloads, focusing on non-numeric characters where an identifier is expected
  • Deploy web application firewall rules that flag SQL injection patterns targeting the WEAS_HomePage path
  • Correlate authenticated session activity with downstream database query anomalies, including unexpected UNION SELECT statements or queries against system catalogs

Monitoring Recommendations

  • Forward WOES application and database logs to a centralized analytics platform for retention and search
  • Alert on outbound data volume spikes from the WOES database server that could indicate bulk extraction
  • Track failed and successful logins to the WOES application to identify credential abuse preceding injection attempts

How to Mitigate CVE-2025-8705

Immediate Actions Required

  • Restrict network access to the WOES management interface so it is reachable only from trusted administrative networks or via VPN
  • Rotate credentials for all WOES accounts and enforce strong, unique passwords to reduce the risk of authenticated exploitation
  • Review WOES application and database logs for prior requests to /WEAS_HomePage/GetTargetConfig containing suspicious BP_ProID values

Patch Information

No vendor advisory or patch from Wanzhou is listed in the available references for CVE-2025-8705. Operators should monitor vendor channels for an official fix and apply it once released. Until a patch is available, compensating controls described below should be implemented.

Workarounds

  • Block or filter requests to /WEAS_HomePage/GetTargetConfig at a reverse proxy or web application firewall when the BP_ProID parameter contains non-numeric characters
  • Apply least-privilege database accounts so the WOES service account cannot read sensitive tables or execute administrative SQL statements
  • Remove or disable WOES user accounts that are no longer required to limit the pool of credentials usable for authenticated injection

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.