What is the CVSS score of CVE-2025-69215?

CVE-2025-69215 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Openstamanager are affected by CVE-2025-69215?

OpenSTAManager versions 2.9.8 and earlier contain a critical SQL injection vulnerability in the Stampe Module that could allow attackers to compromise your database.

Is there a public PoC exploit available for CVE-2025-69215?

Yes, a public proof-of-concept exploit is available for CVE-2025-69215. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-69215?

Within 24 hours: Identify all systems running OpenSTAManager 2.9.8 or earlier and assess whether the Stampe Module is actively used; restrict network access to affected instances if possible. Within 7 days: Implement WAF rules to block SQL injection attempts targeting the Stampe Module endpoints; consider disabling the Stampe Module if business operations permit. Within 30 days: Monitor vendor communications for patch release; evaluate alternative invoicing/reporting solutions if no patch timeline is provided; conduct security audit of database access logs for signs of exploitation.

Openstamanager CVE-2025-69215

HIGH

SQL Injection (CWE-89)

2026-02-04 security-advisories@github.com

GHSA-qx9p-w3vj-q24q

SQLi Openstamanager

8.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 18, 2026 - 15:16 vuln.today

Public exploit code

CVE Published

Feb 04, 2026 - 18:16 nvd

HIGH 8.8

DescriptionGitHub Advisory

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.

AnalysisAI

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. [CVSS 8.8 HIGH]

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects the Stampe component of Openstamanager. OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

CVE-2025-69215 vulnerability details – vuln.today

Back

Openstamanager CVE-2025-69215

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code