How to fix CVE-2025-48701?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

Is PHP affected by CVE-2025-48701?

Organizations using openDCIM through 23.04 should be aware of moderate risk from CVE-2025-48701, a SQL injection vulnerability rated CVSS 5.4. Exploitation could allow attackers to execute code or inject malicious input.

CVE-2025-48701

MEDIUM

2025-05-23 [email protected]

PHP SQLi

5.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:43 vuln.today

CVE Published

May 23, 2025 - 04:15 nvd

MEDIUM 5.4

DescriptionNVD

openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used.

AnalysisAI

openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. Version information: through 23.04.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2025-48701 vulnerability details – vuln.today

Back