Critical severityNVD Advisory· Published Apr 14, 2025· Updated Apr 15, 2026

CVE-2025-22371

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands.This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that.

The issue was fixed by SicommNet around 11pm on 16 april 2025 (Eastern Time)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

basec.sicomm.netnvd
csirt.divd.nl/CVE-2025-22371nvd
csirt.divd.nl/DIVD-2025-00001nvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000