CVE-2025-40886HIGH 8.8EPSS p15.1%

CVE-2025-40886CVE-2025-40886

Description

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering their structure and content, and/or affecting their availability.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.24% probability of exploitation · percentile 15.1% · 2026-06-19T12:03:05Z
Published2025-10-07
Last modified2025-10-09

Underlying weaknesses· 1

CWE-89

References

  1. https://security.nozominetworks.com/NN-2025:7-01

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')cwe-890%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-52694
CVE
CVE-2025-48650
CVE
CVE-2025-40892
CVE
CVE-2025-23176
CVE
CVE-2025-64126
CVE
CVE-2026-6356
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.