CVE-2025-62367 MEDIUM

CVE-2025-62367: Taiga Blind SQL Injection Time Based

Vendor Taigaio

Product taiga-back

Weakness CWE-89 · SQLi

Published October 28, 2025

Last update October 28, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0.

Key dates

02Disclosure timeline

October 28, 2025 CVE published

October 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62367

Related vulnerabilities

04Related CVE

CVE-2025-3006 PHPGurukul e-Diary Management System edit-category.php sql injection CVE-2025-13057 Campcodes School Fees Payment Management System ajax.php sql injection CVE-2025-41009 SQL injection on the virtual campus platform of Diseño de Recursos Educativos CVE-2021-24750 WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection CVE-2023-1498 code-projects Responsive Hotel Site Newsletter Log messages.php sql injection