CVE-2025-15498 CRITICAL

CVE-2025-15498: SQL Injection in Pro3W CMS

Vendor Pro3W

Product Pro3W CMS

Weakness CWE-89 · SQLi

Published February 27, 2026

Last update February 27, 2026

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.

Key dates

02Disclosure timeline

February 27, 2026 CVE published

February 27, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-15498

Related vulnerabilities

CVE-2025-15498: SQL Injection in Pro3W CMS

01Description

02Disclosure timeline

03References

04Related CVE