Skip to main content
CVE-2025-6918 CRITICAL Act Now

SQL injection in Ncvav Virtual PBX Software versions prior to 09.07.2025 allows remote unauthenticated attackers to manipulate backend database queries, leading to full compromise of confidentiality, integrity, and availability. The flaw was reported by Turkey's national CSIRT (USOM) and carries a critical CVSS 9.8 score, though no public exploit identified at time of analysis and no EPSS data is currently available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy