High severityNVD Advisory· Published Oct 21, 2025· Updated Apr 15, 2026
CVE-2025-9339
CVE-2025-9339
Description
SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows to delete tables with a name of maximum 6 characters. We weren't able to identify a way to exfiltrate data within query character limit.
This issue affects SIMPLE.ERP in versions before 6.30@a04.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <6.30@a04.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.