CVE-2025-40985

Vulnerability Description

SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’.

Related Weaknesses (CWE)

CWE-89

References

https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-scati-vision-we

FAQ

What is CVE-2025-40985?

CVE-2025-40985 is a documented vulnerability. SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the ...

How severe is CVE-2025-40985?

CVSS scoring is not yet available for CVE-2025-40985. Check NVD for updates.

Is there a patch for CVE-2025-40985?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.