CVE-2025-40682 HIGH

CVE-2025-40682: SQL injection vulnerability in Human Resource Management System

Vendor Human Resource Management System

Product Human Resource Management System

Weakness CWE-89 · SQLi

Published July 29, 2025

Last update July 29, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.

Key dates

02Disclosure timeline

July 29, 2025 CVE published

July 29, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40682 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2025-40682

CWE CWE-89

CVSS 8.7 / HIGH

Affected versions