Renren Security before 5.5.0 allows SQL Injection attacks

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Renren Security before 5.5.0 allows SQL Injection attacks

CVE-2025-70821

Summary

Renren Security versions before 5.5.0 contain a bug that allows hackers to inject malicious SQL code, potentially stealing or altering important data. This means that an attacker could gain unauthorized access to sensitive information. To protect your system, update to version 5.5.0 or later.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
renren	renren-security	<= 5.5.0	–

Original title

renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component

Original description

renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component

nvd CVSS3.1 9.8

Vulnerability type

CWE-89 SQL Injection

https://gist.github.com/sorzs/40dbc60504ab6cb0b592d9010d5ae8af Third Party Advisory
https://github.com/sorzs/test/tree/main Exploit
https://github.com/sorzs/opencve/tree/main/CVE-2025-70821 Exploit Third Party Advisory

Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026