AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2025-60357 is a high-severity NoSQL injection vulnerability (CVSS 8.1) in AhnLab EPP Management v1.0.14.32-6249, specifically within the eventlog/agentEvent/list endpoint. NoSQL injection attacks allow attackers to manipulate database queries by injecting malicious operators or syntax into user-controlled input, bypassing authentication and authorization checks. This vulnerability affects organizations relying on AhnLab's endpoint protection platform for security event management and logging. An unauthenticated attacker could exploit this flaw to query, extract, or modify sensitive event logs, potentially exposing security incidents, agent status information, or other critical operational data stored in the NoSQL database.
While this CVE has not yet been mapped to specific MITRE ATT&CK techniques, practitioners using Casky.ai would leverage Claude's extended reasoning capabilities to identify attack patterns associated with data access and exfiltration techniques such as T1530 (Data from Cloud Storage) or T1213 (Data from Information Repositories). The platform's 754 security skills would help detect suspicious queries to the eventlog endpoint, unusual NoSQL syntax patterns in network traffic, and anomalous database access attempts that deviate from normal application behavior. Practitioners reviewing Casky findings would see detailed analysis of payload structures, query manipulation indicators, and behavioral anomalies that distinguish NoSQL injection exploitation attempts from legitimate logging operations, enabling rapid threat detection and remediation.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2025-60357. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation