CVE-2025-40888

medium

Description

A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.

References

https://security.nozominetworks.com/NN-2025:10-01

Details

Source: Mitre, NVD

Published: 2025-10-07

Updated: 2025-10-09

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 6

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00026

Detections

Analytics

CVE-2025-40888

medium

Description

References

Details

Risk Information

CVSS v2

CVSS v3

CVSS v4

EPSS