CVE-2025-40717 CRITICAL

CVE-2025-40717: SQL injection vulnerability in Quiter Gateway

Vendor Quiter

Product Quiter Gateway (Java WAR on Apache Tomcat)

Weakness CWE-89 · SQLi

Published July 8, 2025

Last update July 10, 2025

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina.

Key dates

02Disclosure timeline

July 8, 2025 CVE published

July 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40717

Related vulnerabilities

Identifiers

CVE CVE-2025-40717

CWE CWE-89

CVSS 9.3 / CRITICAL

Affected versions