CVE-2025-46546 — LOW (3.5) — White Hats Nepal

Vulnerability Description

In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sherparpa	Sherpa Orchestrator	141851

Related Weaknesses (CWE)

CWE-89

References

https://deiteriy.comNot Applicable
https://gist.github.com/ArtemBrylev/59b4c0825a988f39a58b79e4e8d2f378Third Party Advisory
https://sherparpa.comProduct
https://twitter.com/ArtyomBrylevNot Applicable

FAQ

What is CVE-2025-46546?

CVE-2025-46546 is a vulnerability with a CVSS score of 3.5 (LOW). In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /ap...

How severe is CVE-2025-46546?

CVE-2025-46546 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-46546?

Check the references section above for vendor advisories and patch information. Affected products include: Sherparpa Sherpa Orchestrator.