Platform
other
Component
webpack-management-system
Fixed in
20251119.0.1
CVE-2025-10437 describes a SQL Injection vulnerability discovered in the Eksagate Webpack Management System. This flaw allows attackers to inject malicious SQL code into database queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability impacts versions from 0 through 20251119, but a patch is available in version 20251119.0.1.
Successful exploitation of this SQL Injection vulnerability could grant an attacker complete control over the Webpack Management System's database. This could involve extracting sensitive user data, including credentials and personal information. An attacker could also modify data, corrupt the system, or even execute arbitrary commands on the underlying server. The blast radius extends to any data stored within the database, and depending on the system's configuration, could potentially lead to lateral movement within the network. While no specific real-world exploits have been publicly linked to this CVE yet, SQL Injection vulnerabilities are consistently among the most exploited, often leading to significant data breaches and system downtime.
CVE-2025-10437 was published on 2025-11-19. Its severity is rated CRITICAL (CVSS 9.8). No KEV listing or public proof-of-concept exploits are currently known. The vulnerability's ease of exploitation is likely high due to the nature of SQL Injection, making it a potential target for automated scanning and exploitation.
Organizations utilizing the Eksagate Webpack Management System, particularly those with sensitive data stored in the database, are at significant risk. Systems with older, unpatched versions are especially vulnerable. Shared hosting environments where multiple users share a database are also at increased risk.
disclosure
Exploit status
EPSS
0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-10437 is to immediately upgrade the Webpack Management System to version 20251119.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as input validation and parameterized queries, so that user-supplied data is passed to the database as bound values rather than concatenated into SQL text. Web Application Firewalls (WAFs) configured with rules to detect and block SQL Injection attempts can also provide an additional layer of protection. After upgrading, verify the fix by submitting a SQL Injection payload to the previously vulnerable endpoint and confirming that it is treated as plain data and does not alter the query.
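As an added illustration of the workaround described above (this is not code from the advisory or from Eksagate; the table, user names and endpoint helper are constructed for the demonstration), the concatenation pattern the CVE describes beside its parameterized replacement, with an allowlist check and a regression check of the kind the verification step calls for:

```python
import re
import sqlite3

# Constructed in-memory sample database; not the Webpack Management System schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def find_user_vulnerable(conn, name):
    # Defect: the input is spliced into the SQL text, so a quote inside `name`
    # changes the structure of the query (the class of bug CVE-2025-10437 describes).
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_parameterized(conn, name):
    # Hardened: the driver binds `name` as a value; it cannot alter the query.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Allowlist validation as defence in depth: reject before the database is touched.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def validate_username(name):
    return USERNAME_RE.fullmatch(name) is not None

def lookup_endpoint(conn, name):
    # Hypothetical request handler combining both workarounds.
    if not validate_username(name):
        return None
    return find_user_parameterized(conn, name)

def regression_check(conn, payload="x' OR '1'='1"):
    # Mirrors the advisory's verification step: the payload must not widen the
    # result set beyond what an exact-match lookup for that literal string returns.
    return len(find_user_parameterized(conn, payload)) == 0

if __name__ == "__main__":
    db = make_db()
    print("vulnerable  :", find_user_vulnerable(db, "x' OR '1'='1"))   # all three rows
    print("parameterized:", find_user_parameterized(db, "x' OR '1'='1"))  # []
    print("endpoint     :", lookup_endpoint(db, "alice"))
```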
Update the Webpack Management System to a version later than 20251119. This will fix the SQL injection vulnerability. Consult the vendor to obtain the updated version.
CVE-2025-10437 is a critical SQL Injection vulnerability affecting Eksagate Webpack Management System, allowing attackers to manipulate database queries and potentially gain unauthorized access to data.
If you are using Webpack Management System versions 0 through 20251119, you are affected by this vulnerability. Upgrade to 20251119.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 20251119.0.1 or later. As a temporary workaround, implement input validation and parameterized queries.
While no active exploitation has been publicly confirmed, the vulnerability's severity and ease of exploitation suggest it may become a target.
Please refer to the Eksagate website or contact their support for the official advisory regarding CVE-2025-10437.