Medium severity6.3NVD Advisory· Published Sep 10, 2025· Updated Jun 17, 2026
CVE-2025-10197
CVE-2025-10197
Description
A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservice/lawresource/downlawbase. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=20250822
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.