CVE-2025-4822 CRITICAL

CVE-2025-4822: SQLi in Bayraktar Solar Energies' ScadaWatt Otopilot

Vendor Bayraktar Solar Energies
Product ScadaWatt Otopilot
Weakness CWE-89 · SQLi
Published July 24, 2025
Last update June 5, 2026
View on NVD All CVEs

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection. This issue affects ScadaWatt Otopilot: before 27.05.2025.

Key dates

02Disclosure timeline

July 24, 2025 CVE published
June 5, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-0946 SourceCodester Best POS Management System sql injection CVE-2023-5336 iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-49623 WordPress Duplicate Title Validate plugin <= 1.0 - SQL Injection vulnerability CVE-2024-49618 WordPress MyTweetLinks plugin <= 1.1.1 - SQL Injection vulnerability CVE-2025-7750 code-projects Online Appointment Booking System adddoctorclinic.php sql injection