Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities

Introduction

While researching Infoblox’s NetMRI network automation and configuration management solution, we discovered 6 vulnerabilities in version 7.5.4.104695 of the NetMRI virtual appliance. These included unauthenticated command injection (CVE-2025-32813), SQL injection (CVE-2025-32814), hardcoded credentials (CVE-2025-32815), cookie forgery, and arbitrary file read as root (CVE-2024-54188).

This post provides a detailed walkthrough of each vulnerability, including discovery techniques and how attackers could exploit these vulnerabilities.

Vulnerability Summary

  • Vendor: Infoblox
  • Product: NetMRI
  • Affected Platforms: Virtual Appliance (VM)
  • Confirmed Vulnerable Versions: 7.5.4.104695
  • Fixed Version: 7.6.1
  • Product URL: Infoblox NetMRI

To read the complete article, see: here

This post is licensed under CC BY 4.0 by the author.