Platform: other
Component: webpack-management-system
Fixed in: 20251119.0.1
CVE-2025-10437 describes a SQL Injection vulnerability discovered in the Eksagate Webpack Management System. This flaw allows attackers to inject malicious SQL code into database queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability impacts versions from 0 through 20251119, but a patch is available in version 20251119.0.1.
Successful exploitation of this SQL Injection vulnerability could grant an attacker complete control over the Webpack Management System's database. This could involve extracting sensitive user data, including credentials and personal information. An attacker could also modify data, corrupt the system, or even execute arbitrary commands on the underlying server. The blast radius extends to any data stored within the database, and depending on the system's configuration, could potentially lead to lateral movement within the network. While no specific real-world exploits have been publicly linked to this CVE yet, SQL Injection vulnerabilities are consistently among the most exploited, often leading to significant data breaches and system downtime.
CVE-2025-10437 was published on 2025-11-19. Its severity is rated CRITICAL (CVSS 9.8). No KEV listing or public proof-of-concept exploits are currently known. The vulnerability's ease of exploitation is likely high due to the nature of SQL Injection, making it a potential target for automated scanning and exploitation.
Exploit Status: EPSS 0.06% (18th percentile)
The primary mitigation for CVE-2025-10437 is to upgrade the Webpack Management System to version 20251119.0.1 or later as soon as possible. If upgrading is not immediately feasible, consider temporary workarounds such as strict input validation and parameterized (prepared) queries, so that user-supplied data is passed to the database as bound parameters rather than concatenated into SQL statements. Web Application Firewalls (WAFs) configured with rules to detect and block SQL Injection attempts can also provide an additional layer of protection. After upgrading, verify the fix by submitting a SQL Injection test payload to the previously vulnerable endpoint and confirming that it is treated as plain data rather than executed as part of a query.
Update the Webpack Management System to a version later than 20251119. This will fix the SQL injection vulnerability. Contact the vendor to obtain the updated version.
CVE-2025-10437 is a critical SQL Injection vulnerability affecting Eksagate Webpack Management System, allowing attackers to manipulate database queries and potentially gain unauthorized access to data.
If you are using Webpack Management System versions 0 through 20251119, you are affected by this vulnerability. Upgrade to 20251119.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 20251119.0.1 or later. As a temporary workaround, implement input validation and parameterized queries.
While no active exploitation has been publicly confirmed, the vulnerability's severity and ease of exploitation suggest it may become a target.
Please refer to the Eksagate website or contact their support for the official advisory regarding CVE-2025-10437.