CVE-2025-41013

| EUVD-2025-200247 CRITICAL
2025-12-02 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 14:04 euvd
EUVD-2025-200247
Analysis Generated
Mar 15, 2026 - 14:04 vuln.today
CVE Published
Dec 02, 2025 - 14:16 nvd
CRITICAL 9.8

Tags

SQLi Gim

Description

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.

Analysis

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.

Technical Context

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

Affected Products

Affected products: Tcman Gim

Remediation

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +49
POC: 0

Share

CVE-2025-41013 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy