CVE-2025-68914 MEDIUM

CVE-2025-68914

Vendor Riello

Product NetMan

Weakness CWE-89 · SQLi

Published December 24, 2025

Last update December 24, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.

Key dates

02Disclosure timeline

December 24, 2025 CVE published

December 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-68914

Related vulnerabilities

04Related CVE

CVE-2020-15628 CVE-2025-53122 SQLi in OpenNMS Horizon and Meridian CVE-2016-6566 The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database CVE-2025-2054 code-projects Blood Bank Management System edit_state.php sql injection CVE-2024-25937 Delta Electronics DIAEnergie SQL injection