1. Home
  2. CVE Database
  3. CVE-2025-29980
CRITICAL · 9.8

CVE-2025-29980

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server a...

Vulnerability Description

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CentralsquareEtrakit.Net3.2.1.77

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2025-29980?

CVE-2025-29980 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server a...

How severe is CVE-2025-29980?

CVE-2025-29980 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-29980?

Check the references section above for vendor advisories and patch information. Affected products include: Centralsquare Etrakit.Net.