CVE-2025-56699

medium

Description

SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows an unauthenticated user to execute arbitrary SQL commands via the sender parameter.

References

https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2025-56699

https://basedigitale.com/integrated-security-solutions/security-asset-management/centrax/

Details

Source: Mitre, NVD

Published: 2025-10-16

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.0004