How to fix CVE-2025-22207?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

CVE-2025-22207

MEDIUM

2025-02-18 [email protected]

SQLi

6.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:27 vuln.today

CVE Published

Feb 18, 2025 - 16:15 nvd

MEDIUM 6.7

DescriptionNVD

Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler.

AnalysisAI

Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2025-22207 vulnerability details – vuln.today

Back

CVE-2025-22207

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

CVE-2025-22207

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code