Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

7.7 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering their structure and content, and/or affecting their availability.

Basic Information

ID CVE-2025-40886

Source Nozomi

Published Oct 7, 2025 at 12:36

Modified Oct 7, 2025 at 13:10

Affected Product

Vendor Nozomi Networks

Product Guardian

Affected Versions Nozomi Networks Guardian 0
Nozomi Networks CMC 0

CWE Classification

CWE-89

References

security.nozominetworks.com /NN-2025:7-01

{
    "lastseen": "",
    "description": "A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering their structure and content, and/or affecting their availability.",
    "published": "2025-10-07T12:36:34.324Z",
    "modified": "2025-10-07T13:10:08.763Z",
    "type": "cve",
    "title": "Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0",
    "source": "Nozomi",
    "references": "https://security.nozominetworks.com/NN-2025:7-01",
    "id": "CVE-2025-40886",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Nozomi Networks Guardian 0\nNozomi Networks CMC 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Guardian",
    "version": "0",
    "vendor": "Nozomi Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0_CVE-2025-40886