In January, a possible XSS vulnerability was found in the electronic document security management system ESAFENET CDG. This was the latest (as far as I can tell) in a long list of vulnerabilities in the product. Prior vulnerabilities included SQL injection issues and weaknesses in the encryption used to safeguard documents. In other words: A typical "secure" document management system. The product appears to be targeting the Chinese market, and with a website all in Chinese, I doubt it is used much, if at all, outside China.

The scans we are seeing are directed at "/CDGServer3/SystemConfig". The one vulnerability I was able to find was CVE-2025-0785, which mentions a possible XSS vulnerability in SystemConfig.jsp. Sadly, not all of our sensors report POST data (working on fixing that), so I am not sure if this is the issue they are trying to exploit. The GitHub repo with details about the vulnerability is no longer available, and the NVD entries are not really complete and do not link to any pages within the manufacturer's website with possible patches.

A quick scan of the manufacturer's website did not reveal any obvious patches or references to this bug.

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-0785
[2] https://www.esafenet.com

--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|