SQL Injection Vulnerability in SIMPLE.ERP Software by SIMPLE
CVE-2025-9339
What is CVE-2025-9339?
An SQL injection vulnerability has been identified in the warehouse document filtering form of SIMPLE.ERP software. A logged-in user can submit an injected payload of up to 20 characters, which is enough for destructive actions such as deleting database tables whose names are at most 6 characters long. The query character limit appears to rule out data exfiltration, but the potential for destructive actions is a serious risk to data integrity and security within the application.

Affected Version(s)
SIMPLE.ERP: all versions before 6.30@a04.3
