Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk.
References
| Link | Resource |
|---|---|
| https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0001.md | Third Party Advisory |
| https://online-help.explorance.com/blue/articles/security-advisories-(january-2026) | Vendor Advisory |
| https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57792 | Vendor Advisory |
| https://www.explorance.com/products/blue | Product |
Configurations
History
05 Feb 2026, 17:01
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:explorance:blue:*:*:*:*:*:*:*:* | |
| First Time |
Explorance
Explorance blue |
|
| References | () https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0001.md - Third Party Advisory | |
| References | () https://online-help.explorance.com/blue/articles/security-advisories-(january-2026) - Vendor Advisory | |
| References | () https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57792 - Vendor Advisory | |
| References | () https://www.explorance.com/products/blue - Product |
28 Jan 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 10.0 |
28 Jan 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-28 18:16
Updated : 2026-02-05 17:01
NVD link : CVE-2025-57792
Mitre link : CVE-2025-57792
CVE.ORG link : CVE-2025-57792
JSON object : View
Products Affected
explorance
- blue
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')