CVE-2025-52085
Last modified
CVE-2025-52085 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner and version, current database user and schema, the current DBMS user privileges, and arbitrary data from any table.. EPSS estimates a 0.47% chance of exploitation in the next 30 days.
Description
An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner and version, current database user and schema, the current DBMS user privileges, and arbitrary data from any table.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Yoosee | Yoosee | 6.32.4 |
References
- https://medium.com/@pundhapat/sqli-in-the-cloud-root-on-the-board-a-beginners-journey-into-iot-hacking-06efb2539a21Exploit, Third Party Advisory
- https://yoosee.appProduct
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-52085?
How severe is CVE-2025-52085?
How do I fix CVE-2025-52085?
Are you affected by CVE-2025-52085?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST