CVE-2025-8096

high

Description

A SQL injection vulnerability exists in Tenable Patch Management versions prior to 9.3.968.19 due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data. Tenable has released Tenable Patch Management version 9.3.968.19 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/tenable-patch-management

Details

Source: Mitre, NVD

Published: 2025-07-29

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L