SQL Injection Vulnerability in Zeon Academy Pro by Zeon Global Tech
CVE-2025-41029

9.3CRITICAL

Key Information:

Vendor

Zeon Global Tech

Status
Zeon Academy Pro
Vendor
CVE Published:
21 April 2026

What is CVE-2025-41029?

An SQL injection vulnerability exists in Zeon Academy Pro that can be exploited by attackers to manipulate database queries. Through the '/private/continue-upload.php' endpoint, an attacker can send a crafted POST request using the 'phonenumber' parameter to retrieve, create, modify, or delete data in the database, thereby compromising the integrity and confidentiality of the stored information.

Affected Version(s)

Zeon Academy Pro 0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/sql-in...
patch

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gonzalo Aguilar GarcĂ­a (6h4ack)
.