SQL Injection Vulnerability in Kolay Software Inc. Talentics
CVE-2025-10970

9.8 CRITICAL

Key Information:

Status
Vendor
CVE Published: 20 February 2026

What is CVE-2025-10970?

A SQL Injection vulnerability exists in Kolay Software Inc. Talentics that allows attackers to execute arbitrary SQL commands through the application. The vulnerability particularly affects data integrity and confidentiality, as attackers may gain unauthorized access to sensitive information contained in the database. It has been noted for its potential to allow Blind SQL Injection, which can be particularly harmful because it does not require visible feedback from the database, making it difficult to detect. Users of Talentics should take immediate action to secure their systems against this type of attack.

Affected Version(s)

Talentics 0 <= 20022026

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Berat ARSLAN