CVE-2025-53122

Vulnerability Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection.  Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Related Weaknesses (CWE)

References

• https://docs.opennms.com/meridian/2024/releasenotes/changelog.html#releasenotes-
• https://github.com/OpenNMS/opennms/pull/7709

FAQ

What is CVE-2025-53122?

CVE-2025-53122 is a documented vulnerability. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection.  Users should upgrade to Meridian...

How severe is CVE-2025-53122?

CVSS scoring is not yet available for CVE-2025-53122. Check NVD for updates.

Is there a patch for CVE-2025-53122?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.