CVE-2025-7918 CRITICAL

CVE-2025-7918: Simopro Technology｜WinMatrix3 Web package - SQL Injection

Vendor Simopro Technology

Product WinMatrix3 Web package

Weakness CWE-89 · SQLi

Published July 21, 2025

Last update July 21, 2025

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Key dates

02Disclosure timeline

July 21, 2025 CVE published

July 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7918 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-40771 WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability CVE-2025-12262 code-projects Online Event Judging System edit_criteria.php sql injection CVE-2023-50853 WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.75.0 is vulnerable to SQL Injection CVE-2024-13781 Hero Maps Premium - Customizable Google Maps Plugin <= 2.3.9 - Authenticated (Subscriber+) SQL Injection CVE-2023-4098 Multiple vulnerabilities in IDM Sistemas QSige

Identifiers

CVE CVE-2025-7918

CWE CWE-89

CVSS 9.3 / CRITICAL

Affected versions

Vendor Simopro Technology

Product WinMatrix3 Web package

Affected ≤ 1.2.39.5