Critical severityNVD Advisory· Published Sep 4, 2025· Updated Apr 15, 2026

CVE-2025-7385

Description

Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker.

Versions 4.0 and above are not affected.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.pl/posts/2025/09/CVE-2025-7385nvd
sam3.pl/strona-305-za_co_nas_cenia_redaktorzy.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000