SQL Injection Vulnerability in SicommNet BASEC SaaS Service
CVE-2025-22371

9.3CRITICAL

Key Information:

Vendor

Sicommnet

Status
Basec
Vendor
CVE Published:
14 April 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-22371?

An SQL Injection vulnerability exists in the SicommNet BASEC SaaS Service login page, which permits an unauthenticated remote attacker to bypass authentication and execute arbitrary SQL commands. This security flaw has been present in the product since at least December 14, 2021, possibly earlier. Currently, there is no patch available to mitigate this vulnerability, underscoring the necessity for immediate action to secure affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BASEC SaaS 14 Dec 2021 <= 16 April 2025 23:00 EST

BASEC SaaS 16 April 2025 23:00 EST

References

https://basec.sicomm.net/
product
https://csirt.divd.nl/DIVD-2025-00001
third-party-advisory
https://csirt.divd.nl/CVE-2025-22371
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jesse Meijer (DIVD)
Frank Breedijk (DIVD)
JSON
.