CVE-2025-7735
Description
The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated remote SQL injection in UNIMAX Hospital Information System lets attackers read database contents.
Root Cause
CVE-2025-7735 is a SQL Injection vulnerability in the Hospital Information System developed by UNIMAX. The flaw exists in version 2024.1.2.1 and earlier, allowing arbitrary SQL commands to be injected through the application's input handling [1][2].
Attack Vector
An unauthenticated remote attacker can exploit this vulnerability without any prior authentication or special network access. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) confirms that the attack is network-based, requires low complexity, and needs no privileges or user interaction [2].
Impact
Successful exploitation grants the attacker the ability to execute arbitrary SQL commands, leading to unauthorized reading of the database contents. This could expose sensitive patient data, medical records, or other confidential information stored in the hospital information system [1][2].
Mitigation
The vendor has fixed the issue in version 2025.7.18.1 and later. Users of the affected version 2024.1.2.1 and earlier should update immediately. No workarounds are mentioned in the advisories [2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 2
News mentions: 0
No linked articles in our index yet.