How to fix CVE-2025-8587?

Within 24 hours: Inventory all SKSPro deployments and isolate affected systems from production networks where possible. Within 7 days: Implement WAF rules to block SQL injection patterns, enable database activity monitoring, and restrict database user privileges to least-privilege principles. Within 30 days: Evaluate alternative solutions, establish vendor communication for patch timeline, and conduct comprehensive database access audit for signs of compromise.

Is Skspro affected by CVE-2025-8587?

SKSPro instances are vulnerable to SQL injection attacks that could allow unauthorized database access and data theft. Organizations running SKSPro through version 07012026 face immediate risk of data compromise and potential regulatory violations, with no vendor patch currently available to…

CVE-2025-8587

HIGH

2026-02-02 [email protected]

8.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:01 vuln.today

CVE Published

Feb 02, 2026 - 13:15 nvd

HIGH 8.6

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026.

Analysis

Technical Context

Classified as CWE-89 (SQL Injection). Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026.

Affected Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade

Remediation

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +43

POC: 0

CVE-2025-8587 vulnerability details – vuln.today

Back

CVE-2025-8587

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-8587

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code