CVE-2025-8858
Description
Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2025-8858 is an unauthenticated SQL injection vulnerability in Changing's Clinic Image System that allows remote attackers to read database contents.
Vulnerability Overview
CVE-2025-8858 is a SQL injection vulnerability in the Clinic Image System developed by Changing. The flaw exists in versions 2.4.23.2131 and earlier (excluding 1.5.x.x and 2.0.x.x). An attacker can inject arbitrary SQL commands without authentication, directly querying the backend database [1][2].
Attack Vector
No authentication is required; the vulnerability is exploitable remotely over the network. The attack complexity is low and no user interaction is needed. The CVSS v3.1 score is 7.5 (High) with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating high confidentiality impact but no impact on integrity or availability [1][2].
Impact
Successful exploitation allows an unauthenticated remote attacker to read arbitrary data from the database. This could expose sensitive patient records, system configuration, or other confidential information stored by the Clinic Image System [1][2].
Mitigation
The vendor advises updating to a version later than 2.4.23.2131 to remediate the issue. Users running version 2.4.23.2131 or earlier (and not on 1.5.x.x or 2.0.x.x) should apply the fix as soon as possible [1][2].
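For inventory triage, the affected range stated above can be turned into a check. This is an added example, not vendor code; it assumes versions are reported as four-part dotted strings, and the hostnames and inventory values are constructed.

```python
import re

# Boundaries taken from the advisory text above.
LAST_AFFECTED = (2, 4, 23, 2131)       # 2.4.23.2131 and earlier are affected
EXCLUDED_BRANCHES = {(1, 5), (2, 0)}   # 1.5.x.x and 2.0.x.x are excluded

# Assumption: versions are reported as four dot-separated integers.
_VERSION_RE = re.compile(r"[0-9]+(?:\.[0-9]+){3}")


def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of ints; raise ValueError otherwise."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return 'affected', 'not-affected', 'excluded-branch' or 'unknown'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"               # unparseable: needs manual review
    if version[:2] in EXCLUDED_BRANCHES:
        return "excluded-branch"
    # Tuple comparison orders the four components numerically, left to right.
    return "affected" if version <= LAST_AFFECTED else "not-affected"


def triage(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "clinic-a": "2.4.23.2131",
    "clinic-b": "2.4.23.2132",
    "clinic-c": "2.0.9.1",
    "clinic-d": "2.3.1.7",
    "clinic-e": "v2.4",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts classified as `unknown` reported a version string the check could not parse and should be verified by hand rather than assumed safe.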
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 2
News mentions: 0
0No linked articles in our index yet.