CVE-2025-25222

Published Feb 18, 2025

Last updated 19 hours ago

CVSS critical 9.8

Overview

Description
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.
Source
vultures@jpcert.or.jp
NVD status
Analyzed
Products
luxcal_web_calendar

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

CVSS 3.0

Type
Secondary
Base score
7.3
Impact score
3.4
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity
HIGH

Weaknesses

vultures@jpcert.or.jp
CWE-89

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-25222 🔴 HIGH (7.3) 🏢 LuxSoft - The LuxCal Web Calendar 🏗️ prior to 5.3.3M (MySQL version) 🔗 https://t.co/Q0zOoOnLok 🔗 https://t.co/5phXFPoMy2 🔗 https://t.co/N1dndaCDd8 #CyberCron #VulnAlert https://t.co/iER3j0DBPB

    @cybercronai

    18 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. New post from https://t.co/uXvPWJy6tj (CVE-2025-25222 | LuxSoft LuxCal Web Calendar retrieve.php sql injection) has been published on https://t.co/I0YBdgqkjj

    @WolfgangSesin

    18 Feb 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️ Vulnerability Alert: Multiple Vulnerabilities in The LuxCal Web Calendar 📅 Timeline: Disclosure: 2025-02-17 📌 Attribution: 🆔cveId: CVE-2025-25221, CVE-2025-25222, CVE-2025-25223, CVE-2025-25224 📊baseScore: 7.3, 7.3, 5.8, 5.3 📏cvssMetrics:… https://t.co/Eug8BWGhPh

    @syedaquib77

    17 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.