Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Nov 13, 2025
CVE-2025-56385
CVE-2025-56385
Description
A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WellSky/Harmonydescription
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.