SQL Injection and Command Injection Vulnerabilities in Times Software E-Payroll
CVE-2025-9977

5.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 18 November 2025

What is CVE-2025-9977?

A vulnerability in Times Software E-Payroll arises from inadequate sanitization of POST parameters during the user login process. The flaw allows unauthenticated attackers to cause a Denial of Service (DoS). SQL injection may also be viable, although existing backend filtering has hindered the creation of a functional exploit. Command injection attempts could return detailed error messages that expose sensitive information about the application's internal architecture. The patching status remains uncertain because the vendor has not responded to outreach efforts.

Affected Version(s)

E-Payroll 0 <= 20250121.0

References

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sebastian Jeż