CVE-2025-40985
Description
SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in SCATI Vision Web versions 4.8 to 7.2 allows attackers to exfiltrate database data via the login parameter.
Vulnerability Description
CVE-2025-40985 is a SQL injection vulnerability in SCATI Vision Web, a video surveillance management software, affecting versions 4.8 through 7.2. The vulnerability exists in the /scatevision_web/index.php/loginForm endpoint, specifically through the login parameter. This allows an attacker to inject arbitrary SQL queries into the application's database [1].
Exploitation
An unauthenticated attacker can exploit this vulnerability over the network. While the attack complexity is high (CVSS v4.0 AC:H), no privileges are required, and user interaction is not needed. The attacker simply sends malicious input to the login parameter [1].
Impact
Successful exploitation enables the attacker to exfiltrate data from the database. The CVSS vector indicates low confidentiality impact and high availability impact, but the official description focuses on data exfiltration [1].
Mitigation
The vulnerability has been fixed by SCATI Labs in version 7.3.1.0. Users are strongly advised to update to the latest version to prevent potential exploitation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.