SQL Injection Vulnerability in Alert Functionality of Nozomi Networks Software
CVE-2025-40887
6MEDIUM
What is CVE-2025-40887?
An SQL Injection vulnerability has been identified in the Alert functionality of Nozomi Networks Software, resulting from the inadequate validation of input parameters. This flaw allows authenticated users with limited privileges to execute arbitrary SELECT SQL statements on the underlying database management system (DBMS). Consequently, this vulnerability may lead to unauthorized access to sensitive data within the application, highlighting the need for robust security measures and thorough input validation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
CMC 0 < 25.2.0
Guardian 0 < 25.2.0
References
CVSS V4
Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation.