EUVD-2025-19232

| CVE-2025-53122 MEDIUM
2025-06-26 [email protected]
SQLi
6.9
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None

Lifecycle Timeline

4
patch_available
Apr 16, 2026 - 05:29 EUVD
33.1.6,2024.2.6
Analysis Generated
Mar 15, 2026 - 23:54 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 23:54 euvd
EUVD-2025-19232
CVE Published
Jun 26, 2025 - 20:15 nvd
MEDIUM 6.9

DescriptionNVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection.

Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

AnalysisAI

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection.

Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Technical ContextAI

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

RemediationAI

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

Share

EUVD-2025-19232 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy