SQL Injection Vulnerability in CesiumLab Web by CesiumLab
CVE-2025-8744

7.3HIGH

Key Information:

Vendor: CesiumLab
Status: CesiumLab Web
Vendor: CVE Published:; 9 August 2025

What is CVE-2025-8744?

A vulnerability found in CesiumLab Web affects versions up to 4.0 and is associated with the manipulation of the argument ID in the /lodmodels/ file. This allows attackers to execute SQL injection attacks remotely. The vulnerability has been publicly disclosed, indicating a significant risk to affected systems. Despite early notification, the vendor has not addressed the issue, leaving users exposed to potential exploitation.

References

https://vuldb.com/?ctiid.319240

https://vuldb.com/?id.319240

https://vuldb.com/?submit.616911

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 9, 2025