How to fix CVE-2025-6766?

Within 30 days: Identify affected systems running sfturing hosp_order and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

Is Hosp Order affected by CVE-2025-6766?

Organizations using sfturing hosp_order should be aware of moderate risk from CVE-2025-6766, a injection vulnerability rated CVSS 6.3. Exploitation could allow attackers to execute code or inject malicious input. Proof-of-concept code is publicly available.

CVE-2025-6766

EUVD-2025-19329 MEDIUM

2025-06-27 [email protected]

SQLi Hosp Order

6.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 00:16 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 00:16 euvd

EUVD-2025-19329

PoC Detected

Jul 08, 2025 - 14:48 vuln.today

Public exploit code

CVE Published

Jun 27, 2025 - 13:15 nvd

MEDIUM 6.3

DescriptionNVD

A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the function getOfficeName of the file OfficeServiceImpl.java. The manipulation of the argument officesName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

AnalysisAI

Technical ContextAI

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

RemediationAI

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

CVE-2025-6766 vulnerability details – vuln.today

Back