Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker.

Versions 4.0 and above are not affected.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 04 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 04 Sep 2025 12:30:00 +0000

Type Values Removed Values Added
Description Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0 and above are not affected.
Title SQL Injection in GOV CMS
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2025-09-04T13:24:35.160Z

Reserved: 2025-07-09T09:47:30.158Z

Link: CVE-2025-7385

cve-icon Vulnrichment

Updated: 2025-09-04T13:24:30.261Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-04T13:15:45.357

Modified: 2025-09-04T15:35:29.497

Link: CVE-2025-7385

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.