- Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to bypass authentication and execute arbitrary SQL commands. This issue affects BASEC from at least 14 Dec 2021 onwards. It is very likely that this vulnerability was present in the solution before that date. The issue was fixed by SicommNet around 11pm on 16 April 2025 (Eastern Time).
- Source
- csirt@divd.nl
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:X
- Severity
- CRITICAL
- csirt@divd.nl
- CWE-89
- Hype score
- Not currently trending
🚨 CVE-2025-22371 ⚠️🔴 CRITICAL (9.3) 🏢 SicommNet - BASEC 🏗️ 14 Dec 2021 🔗 https://t.co/RKsdPc3pjd 🔗 https://t.co/lYNkHEIEkx 🔗 https://t.co/iZ0z9TfZPN #CyberCron #VulnAlert #InfoSec https://t.co/j4c2wPrX8g
@cybercronai
16 Apr 2025
CVE-2025-22371 SQL Injection in SicommNet BASEC SaaS Enabling Unauthenticated Authentication Bypass https://t.co/L13Px165id
@VulmonFeeds
14 Apr 2025
[CVE-2025-22371: CRITICAL] SQL Injection vulnerability in SicommNet BASEC login page allows remote attackers to bypass authentication & execute SQL commands. No patch available as of date. #cybersecurity, #vulnerability https://t.co/irfPETOkKL https://t.co/Pa3j553ur3
@CveFindCom
14 Apr 2025
CVE-2025-22371 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthentica… https://t.co/QsfvD9NESf
@CVEnew
14 Apr 2025
🚨#DIVD has just issued its FIRST warning on a critical, unpatched bug in #SicommNet BASEC (CVE-2025-22371)! 🛑 A deadly SQL injection flaw is exposing sensitive government procurement data. Read our annotated report 👉 https://t.co/GCVfrB3IbW 🔥 #CyberSec #Infosec #exploit
@BaseFortify
14 Apr 2025