SQL injection leading to privilege escalation in Progress Flowmon ADS

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.

AI Analysis

SQL injection vulnerability allowing authenticated users to execute unintended SQL queries and commands

Basic Information

ID CVE-2025-13774

Source ProgressSoftware

Published Jan 13, 2026 at 12:59

Affected Product

Vendor Progress Software

Product Flowmon ADS

Version Flowmon ADS 12 versions prior to 12.5.4

Affected Versions Progress Software Flowmon ADS Flowmon ADS 12 versions prior to 12.5.4
Progress Software Flowmon ADS Flowmon ADS 13 versions prior to 13.0.1

CWE Classification

CWE-89

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Progress Software

Product Flowmon ADS

Version 12.5.4, 13.0.1

References

community.progress.com /s/article/Flowmon-ADS-CVE-2025-13774

{
    "lastseen": "",
    "description": "A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.",
    "published": "2026-01-13T12:59:51.775Z",
    "modified": "2026-01-13T12:59:51.775Z",
    "type": "cve",
    "title": "SQL injection leading to privilege escalation in Progress Flowmon ADS",
    "source": "ProgressSoftware",
    "references": "https://community.progress.com/s/article/Flowmon-ADS-CVE-2025-13774",
    "id": "CVE-2025-13774",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Progress Software Flowmon ADS Flowmon ADS 12 versions prior to 12.5.4\nProgress Software Flowmon ADS Flowmon ADS 13 versions prior to 13.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Flowmon ADS",
    "version": "Flowmon ADS 12 versions prior to 12.5.4",
    "vendor": "Progress Software",
    "ai_description": "SQL injection vulnerability allowing authenticated users to execute unintended SQL queries and commands",
    "ai_severity": "High",
    "ai_vendor": "Progress Software",
    "ai_product": "Flowmon ADS",
    "ai_version": "12.5.4, 13.0.1",
    "ai_score": 8.8
}

SQL injection leading to privilege escalation in Progress Flowmon ADS_CVE-2025-13774