SQL Injection Vulnerability in Riello UPS NetMan 208 Application
CVE-2025-68914

6.5MEDIUM

Key Information:

Vendor: Riello
Status: Netman
Vendor: CVE Published:; 24 December 2025

What is CVE-2025-68914?

The Riello UPS NetMan 208 Application prior to version 1.12 is susceptible to SQL injection through the cgi-bin/login.cgi interface. This vulnerability allows attackers to manipulate database queries, potentially leading to unauthorized access or data deletion, including critical tables such as LOGINFAILEDTABLE. It highlights the importance of implementing proper input validation and security measures to mitigate the risk of exploitation.

Affected Version(s)

NetMan 208 < 208 1.12

References

https://github.com/gerico-lab/riello-multiple-vulnerabili...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2025
Vulnerability Reserved
Dec 24, 2025

JSON