High severity8.8NVD Advisory· Published Nov 17, 2025· Updated Apr 15, 2026

CVE-2025-13319

Description

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input.

The API is not enabled by default, and a valid API token is required to perform the attack.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dom.nettec.no/security-advisories/DOM-25-001/nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000