SQL Injection Vulnerability in SicommNet BASEC SaaS Service
CVE-2025-22371
9.3 CRITICAL
Summary
An SQL Injection vulnerability exists in the SicommNet BASEC SaaS Service login page, which permits an unauthenticated remote attacker to bypass authentication and execute arbitrary SQL commands. This security flaw has been present in the product since at least December 14, 2021, possibly earlier. Currently, there is no patch available to mitigate this vulnerability, underscoring the necessity for immediate action to secure affected systems.
Affected Version(s)
BASEC SaaS 14 Dec 2021 <= 16 April 2025 23:00 EST
BASEC SaaS 16 April 2025 23:00 EST
CVSS V4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
Credit
Jesse Meijer (DIVD)
Frank Breedijk (DIVD)