Sign in Subscribe

← All advisories

Unrated severityNVD Advisory· Published Feb 12, 2026· Updated Feb 12, 2026

CVE-2025-70981

CVE-2025-70981

Description

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.

Affected products

2

CordysCRM/CordysCRMdescription
CordysCRM/CordysCRMllm-create
Range: = 1.4.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

github.com/Tomikun2/SQL-Injection-in-CordysCRM/blob/main/README.mdmitre

News mentions

0

No linked articles in our index yet.