CVE-2025-12865 HIGH

CVE-2025-12865: e-Excellence｜U-Office Force - SQL Injection

Vendor E-Excellence

Product U-Office Force

Weakness CWE-89 · SQLi

Published November 10, 2025

Last update November 10, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.

Key dates

02Disclosure timeline

November 10, 2025 CVE published

November 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12865

Related vulnerabilities

04Related CVE

CVE-2025-52821 WordPress Video List Manager plugin <= 1.7 - SQL Injection Vulnerability CVE-2025-30879 WordPress MC Woocommerce Wishlist plugin <= 1.8.9 - SQL Injection vulnerability CVE-2023-2412 SourceCodester AC Repair and Services System manage_user.php sql injection CVE-2025-40712 SQL injection vulnerability in Quiter Gateway CVE-2021-25109 Futurio Extra < 1.6.3 - Authenticated SQL Injection