CVE-2025-15088
ketr JEPaaS loadPostil postilService.loadPostils sql injection
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation of the argument keyWord results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-89 CWE-74 |
| Vendor | ketr |
| Product | jepaas |
| Published | Dec 25, 2025 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for ketr jepaas
Be the first to know when new medium vulnerabilities affecting ketr jepaas are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
ketr / JEPaaS
7.2.0 7.2.1 7.2.2 7.2.3 7.2.4 7.2.5 7.2.6 7.2.7 7.2.8
References
vuldb.com: https://vuldb.com/?id.338416 vuldb.com: https://vuldb.com/?ctiid.338416 vuldb.com: https://vuldb.com/?submit.708321 github.com: https://github.com/ha1yu-Yiqiyin/warehouse/blob/main/jepaas-v7.2.8-sqlinject1.md github.com: https://github.com/ha1yu-Yiqiyin/warehouse/blob/main/jepaas-v7.2.8-sqlinject1.md#2%E5%A4%8D%E7%8E%B0replicate
Credits
๐ red0_ha1yu (VulDB User)