CVE-2025-10870 CRITICAL

CVE-2025-10870: SQL injection in DIAL's CentrosNet

Vendor Dial

Product CentrosNet

Weakness CWE-89 · SQLi

Published November 7, 2025

Last update November 7, 2025

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'.

Key dates

02Disclosure timeline

November 7, 2025 CVE published

November 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10870

Related vulnerabilities

CVE-2025-10870: SQL injection in DIAL's CentrosNet

01Description

02Disclosure timeline

03References

04Related CVE