CVE-2025-26852 CRITICAL

CVE-2025-26852

Vendor Descor
Product Infocad FM
Weakness CWE-89 · SQLi
Published March 20, 2025
Last update April 3, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
April 3, 2025 Record updated