Unrated severityNVD Advisory· Published Oct 7, 2025· Updated Oct 7, 2025

Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0

CVE-2025-40888

Description

A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.

Affected products

Nozominetworks/Cmcv5
Range: 0
Nozominetworks/Guardianv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.nozominetworks.com/NN-2025:10-01mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000