What is the CVSS score of CVE-2025-57792?

CVE-2025-57792 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Blue are affected by CVE-2025-57792?

Explorance Blue installations are vulnerable to critical SQL injection attacks that could allow unauthorized database access, data theft, or system compromise.

How to fix or mitigate CVE-2025-57792?

Within 24 hours: Inventory all Explorance Blue instances and document versions; restrict network access to the application to essential users only; enable enhanced logging on database connections. Within 7 days: Implement WAF rules to block SQL injection patterns targeting vulnerable endpoints; coordinate with Explorance for patch ETA; conduct forensic review for signs of exploitation. Within 30 days: Apply patch 8.14.9 immediately upon release; validate all systems post-patch; perform full security assessment of affected infrastructure.

Blue CVE-2025-57792

CRITICAL

SQL Injection (CWE-89)

2026-01-28 mandiant-cve@google.com

SQLi Blue

10.0

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

10.0 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 28, 2026 - 18:16 nvd

CRITICAL 10.0

DescriptionCVE.org

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk.

AnalysisAI

Explorance Blue versions before 8.14.9 have a CVSS 10.0 SQL injection vulnerability enabling unauthenticated attackers to fully compromise the survey and assessment database.

Technical ContextAI

Explorance Blue < 8.14.9 has a CWE-89 SQL injection caused by insufficient input validation, allowing unauthenticated attackers to execute arbitrary SQL commands against the survey database.

RemediationAI

Upgrade to 8.14.9+. Audit database access logs. Notify affected respondents if data was exposed.

CVE-2025-57792 vulnerability details – vuln.today

Back

Blue CVE-2025-57792

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code