SQL injection in Cats Information Technology's Aykome License Tracking System (versions prior to the 06.10.2025 build) allows remote unauthenticated attackers to manipulate backend database queries via crafted input. The flaw carries a critical 9.8 CVSS score with full confidentiality, integrity, and availability impact, though EPSS rates near-term exploitation probability at only 0.04% and no public exploit identified at time of analysis. The vulnerability was disclosed by Turkey's national CERT (USOM) under advisory TR-25-0332.
SQLi
NVD
VulDB
CVSS 3.1
9.8
EPSS
0.0%