CVE-2025-14254 HIGH

CVE-2025-14254: Galaxy Software Services｜Vitals ESP - SQL Injection

Vendor Galaxy Software Services

Product Vitals ESP

Weakness CWE-89 · SQLi

Published December 8, 2025

Last update December 8, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

Key dates

02Disclosure timeline

December 8, 2025 CVE published

December 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-14254

Related vulnerabilities

04Related CVE

CVE-2024-43132 WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated SQL Injection vulnerability CVE-2025-8811 code-projects Simple Art Gallery registration.php sql injection CVE-2025-4457 Project Worlds Car Rental Project approve.php sql injection CVE-2026-2663 Alixhan xh-admin-backend Database Query query sql injection CVE-2025-13757