SQL Injection Vulnerability in Seacms Affected by Misconfiguration
CVE-2025-25519

9.8CRITICAL

Key Information:

Vendor
Seacms
Status
Seacms
Vendor
CVE Published:
25 February 2025

Summary

The Seacms web application up to version 13.3 is exposed to an SQL Injection vulnerability through the admin_zyk.php file, which could allow an attacker to manipulate the underlying database. This exploitation may lead to unauthorized access to sensitive data and can compromise the security of the web application.

References

https://github.com/Colorado-all/cve/blob/main/seacms/seac...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-25519 : SQL Injection Vulnerability in Seacms Affected by Misconfiguration | SecurityVulnerability.io