CVE-2025-40714

Published Jul 8, 2025

Last updated 10 days ago

CVSS critical 9.3

Overview

Description
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /<Client>FacturaE/listado_facturas_ficha.jsp.
Source
cve-coordination@incibe.es
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

cve-coordination@incibe.es
CWE-89

Social media

Hype score
Not currently trending

  1. CVE-2025-40714 SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete datab… https://t.co/vxXlDCXdgz

    @CVEnew

    8 Jul 2025

    299 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-40714: CRITICAL] Critical SQL injection vulnerability in Quiter Gateway (versions &lt; 4.7.0) enables attackers to manipulate databases via id_factura field in listado_facturas_ficha.jsp.#cve,CVE-2025-40714,#cybersecurity https://t.co/bYuSwixv7H https://t.co/fND7Shu4eX

    @CveFindCom

    8 Jul 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.