CVE-2025-1981

9.4

Critical

Published:16 Apr 2025

Last updated:17 Jun 2026

Source:cvd@cert.pl

Deferred

Weakness (CWE)

CWE-89SQL Injection

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready_'s Invoices module allows for SQL Injection attacks.

References

cvd@cert.pl

https://cert.pl/en/posts/2025/04/CVE-2025-1980

cvd@cert.pl

https://cert.pl/posts/2025/04/CVE-2025-1980

cvd@cert.pl

https://ready-os.com/pl/