Unrated severityNVD Advisory· Published Jan 9, 2026· Updated Jan 9, 2026

CVE-2025-67811

Description

Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.

Affected products

Area9/Rhapsodedescription
Area9/Rhapsodellm-create
Range: <= 1.47.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

area9.commitre
security.area9lyceum.com/cve-2025-67811/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000