Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0

6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.

Basic Information

ID CVE-2025-40888

Source Nozomi

Published Oct 7, 2025 at 12:38

Modified Oct 7, 2025 at 13:08

Affected Product

Vendor Nozomi Networks

Product Guardian

Affected Versions Nozomi Networks Guardian 0
Nozomi Networks CMC 0

CWE Classification

CWE-89

References

security.nozominetworks.com /NN-2025:10-01

{
    "lastseen": "",
    "description": "A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.",
    "published": "2025-10-07T12:38:39.042Z",
    "modified": "2025-10-07T13:08:15.336Z",
    "type": "cve",
    "title": "Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0",
    "source": "Nozomi",
    "references": "https://security.nozominetworks.com/NN-2025:10-01",
    "id": "CVE-2025-40888",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Nozomi Networks Guardian 0\nNozomi Networks CMC 0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Guardian",
    "version": "0",
    "vendor": "Nozomi Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0_CVE-2025-40888