CVE-2025-40985

Published Jul 16, 2025

Last updated 2 days ago

CVSS high 8.3

Overview

Description
SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’.
Source
cve-coordination@incibe.es
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

cve-coordination@incibe.es
CWE-89

Social media

Hype score
Not currently trending

  1. CVE-2025-40985 SQL Injection in SCATI Vision Web 4.8-7.2 Allows Database... https://t.co/T4uCQ5i8RV Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd

    @VulmonFeeds

    16 Jul 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-40985 SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database… https://t.co/Pe8qIIEYUU

    @CVEnew

    16 Jul 2025

    245 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.