Windesk Fm
CVE-2025-11252
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
SQL injection in Signum Technology application allows unauthenticated attackers to execute arbitrary SQL queries.
Technical ContextAI
CWE-89 SQL injection without authentication.
RemediationAI
Apply vendor patch. Implement parameterized queries.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today