SQL Injection Vulnerability in Windesk.Fm by Signum Technology Promotion and Training Inc.
CVE-2025-11252

9.8CRITICAL

Key Information:

Vendor: Signum Technology Promotion And Training Inc.
Status: Windesk.fm
Vendor: CVE Published:; 27 February 2026

🔔 Create Signum Technology Promotion And Training Inc. Vulnerability Alert

What is CVE-2025-11252?

Windesk.Fm, developed by Signum Technology Promotion and Training Inc., is vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands. This flaw allows attackers to manipulate database queries, potentially leading to unauthorized access to sensitive information. Users and organizations utilizing Windesk.Fm should assess their systems and implement necessary mitigation strategies to prevent possible exploitation.

Affected Version(s)

windesk.fm 0

References

https://www.usom.gov.tr/bildirim/tr-26-0085

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2026
Vulnerability Reserved
Oct 3, 2025

Credit

Engin AYDOĞAN

CVE-2025-11252 Data

JSON