CVE-2025-40712 CRITICAL

CVE-2025-40712: SQL injection vulnerability in Quiter Gateway

Vendor Quiter

Product Quiter Gateway (Java WAR on Apache Tomcat)

Weakness CWE-89 · SQLi

Published July 8, 2025

Last update August 7, 2025

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/DescargarFactura.

Key dates

02Disclosure timeline

July 8, 2025 CVE published

August 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40712

Related vulnerabilities

Identifiers

CVE CVE-2025-40712

CWE CWE-89

CVSS 9.3 / CRITICAL

Affected versions