CVE-2025-8536 CRITICAL

CVE-2025-8536: SQL Injection in DobryCMS

Vendor Studio Fabryka
Product DobryCMS
Weakness CWE-89 · SQLi
Published October 24, 2025
Last update October 24, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older branches of this software.

Key dates

02Disclosure timeline

October 24, 2025 CVE published
October 24, 2025 Record updated