CVE-2025-57792 | Explorance Blue versions prior to 8.14.9 contain a SQL injec… | CVSS 10.0 CRITICAL

Description

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk.

Metadata

CVE ID: CVE-2025-57792
State: PUBLISHED
Assigner: Mandiant
Reserved: 2025-08-19 19:08 UTC
Published: 2026-01-28 17:26 UTC
Last updated: 2026-01-28 18:36 UTC
Primary CWE: CWE-89
CWE-89 Improper Neutralization of Special Elements used in a…
Vendor / Product: Explorance / Blue
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Explorance	Blue	—	0 < 8.14.9

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (4)