How to fix CVE-2025-15560?

Within 24 hours: Identify all WorkTime deployments using Firebird backends and restrict API access via network controls or disable the widget API endpoint if non-critical. Within 7 days: Deploy WAF rules to block SQL injection patterns on the affected endpoint, conduct database access logs review for suspicious activity, and notify affected users of potential exposure. Within 30 days: Monitor vendor communication for patch availability, plan immediate deployment upon release, and conduct full database audit for unauthorized access.

Is Mssql affected by CVE-2025-15560?

A high-severity SQL injection vulnerability (CVE-2025-15560) in WorkTime server's API allows authenticated users with minimal permissions to potentially extract the entire database, including sensitive employee and business data.

CVE-2025-15560

HIGH

2026-02-19 551230f0-3615-47bd-b7cc-93e92e730bbf

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

CVE Published

Feb 19, 2026 - 11:15 nvd

HIGH 8.8

Description

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can execute arbitrary SQL statements on the database backend and gain access to sensitive data.

Analysis

Technical Context

Classified as CWE-89 (SQL Injection). Affects Worktime. An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can execute arbitrary SQL statements on the database backend and gain access to sensitive data.

Affected Products

Vendor: Nestersoft. Product: Worktime.

Remediation

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

CVE-2025-15560 vulnerability details – vuln.today

Back

CVE-2025-15560

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-15560

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code