CVE-2025-24290

Name: CVE-2025-24290
Creator: NVD / NIST
Published: 2025-06-29T20:15:24.93+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.29%

Last modified Jun 17, 2026

CVE-2025-24290 is a vulnerability of currently unknown severity. Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.

Metrics

EPSS Probability

0.29%

20.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-89

References

https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d

Timeline

Published: Jun 29, 2025
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2025-24290?

Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.

How severe is CVE-2025-24290?

Severity scoring for CVE-2025-24290 is pending analysis. The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.

How do I fix CVE-2025-24290?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-24290?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST