CVE Catalog

CVE-2025-69094

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Summary

The Unicamp plugin version 2.2.2 and earlier contains a SQL injection vulnerability exploitable by subscribers. An attacker with subscriber privileges can inject malicious SQL queries, potentially leading to unauthorized database access.

Risk Assessment

The risk includes potential leakage of sensitive user data and modification or deletion of database records, which could compromise system integrity and data privacy.

Recommendation

It is recommended to immediately update the Unicamp plugin to the latest available version that fixes this vulnerability. Also, restrict subscriber privileges to the minimum necessary for operation.

Original NVD description (English source)

Subscriber SQL Injection in Unicamp <= 2.2.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS