Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before...

6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.

Basic Information

ID CVE-2025-40885

Source Nozomi

Published Oct 7, 2025 at 12:35

Affected Product

Vendor Nozomi Networks

Product Guardian

Affected Versions Nozomi Networks Guardian 0
Nozomi Networks CMC 0

CWE Classification

CWE-89

References

security.nozominetworks.com /NN-2025:6-01

{
    "lastseen": "",
    "description": "A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.",
    "published": "2025-10-07T12:35:57.566Z",
    "modified": "2025-10-07T12:35:57.566Z",
    "type": "cve",
    "title": "Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0",
    "source": "Nozomi",
    "references": "https://security.nozominetworks.com/NN-2025:6-01",
    "id": "CVE-2025-40885",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Nozomi Networks Guardian 0\nNozomi Networks CMC 0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Guardian",
    "version": "0",
    "vendor": "Nozomi Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0_CVE-2025-40885