CVE-2025-67081 — MEDIUM (4.9)

Q: How severe is CVE-2025-67081?

CVE-2025-67081 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-67081?

Check the references section above for vendor advisories and patch information. Affected products include: Itflow Itflow.

Vulnerability Description

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing on integer parameter.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Itflow	Itflow	<= 25.06

Related Weaknesses (CWE)

CWE-89

References

https://github.com/itflow-org/itflowProduct
https://www.helx.io/blog/advisory-itflow/Third Party Advisory

FAQ

What is CVE-2025-67081?

CVE-2025-67081 is a vulnerability with a CVSS score of 4.9 (MEDIUM). An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL inject...

How severe is CVE-2025-67081?

CVE-2025-67081 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-67081?

Check the references section above for vendor advisories and patch information. Affected products include: Itflow Itflow.