SQL Injection Vulnerability in Seacms Affected by Misconfiguration
CVE-2025-25519

9.8CRITICAL

Key Information:

Vendor: Seacms
Status: Seacms
Vendor: CVE Published:; 25 February 2025

What is CVE-2025-25519?

The Seacms web application up to version 13.3 is exposed to an SQL Injection vulnerability through the admin_zyk.php file, which could allow an attacker to manipulate the underlying database. This exploitation may lead to unauthorized access to sensitive data and can compromise the security of the web application.

References

https://github.com/Colorado-all/cve/blob/main/seacms/seac...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 7, 2025