Home > Vulnerability Database > CVE-2025-32020

Mend.io Vulnerability Database

CVE-2025-32020

Good to know:

Date: April 8, 2025

The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries. Improper neutralization of the order/sort parameter in the TypeORM adapter, which allows SQL injection. You are impacted by this vulnerability if you are using the TypeORM adapter, ordering is enabled and you have not set-up a property filter. This vulnerability is fixed in 0.1.0.

Severity Score

9.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-32020

Url: https://github.com/Guichaguri/crud-query-parser/security/advisories/GHSA-9r25-rp3p-h2w4

Url: https://github.com/Guichaguri/crud-query-parser

Url: https://www.mend.io/vulnerability-database/CVE-2025-32020

Severity Score

9.1

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version crud-query-parser - 0.1.0

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-32020

Good to know:

Date: April 8, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?