CVE-2025-13319HIGH 8.8EPSS p28.5%

CVE-2025-13319CVE-2025-13319

Description

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.37% probability of exploitation · percentile 28.5% · 2026-06-18T12:00:27Z
Published2025-11-17
Last modified2026-04-15

Underlying weaknesses· 2

CWE-20CWE-89

References

  1. https://dom.nettec.no/security-advisories/DOM-25-001/

2

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-200%live
WeaknessImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-890%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-13774
CVE
CVE-2025-32814
CVE
CVE-2025-7343
CVE
CVE-2025-5319
CVE
CVE-2025-10265
CVE
CVE-2025-41013
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.