Skip to main content
CVE-2025-11253 CRITICAL Act Now

Unauthenticated SQL injection in Aksis Technology Netty ERP versions prior to V.1.1000 allows remote attackers to manipulate backend database queries with full confidentiality, integrity, and availability impact (CVSS 9.8). The flaw is rooted in improper neutralization of special elements in SQL commands (CWE-89), and no public exploit has been identified at time of analysis, though the Turkish national CSIRT (USOM) has issued a public bulletin tracking this issue.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy