Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly elevating the risk.
References
| Link | Resource |
|---|---|
| https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0002.md | Third Party Advisory |
| https://online-help.explorance.com/blue/articles/security-advisories-(january-2026) | Vendor Advisory |
| https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57793 | Vendor Advisory |
| https://www.explorance.com/products/blue | Product |
Configurations
History
05 Feb 2026, 17:00
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Explorance
Explorance blue |
|
| CPE | cpe:2.3:a:explorance:blue:*:*:*:*:*:*:*:* | |
| References | () https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0002.md - Third Party Advisory | |
| References | () https://online-help.explorance.com/blue/articles/security-advisories-(january-2026) - Vendor Advisory | |
| References | () https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57793 - Vendor Advisory | |
| References | () https://www.explorance.com/products/blue - Product |
28 Jan 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
28 Jan 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-28 18:16
Updated : 2026-02-05 17:00
NVD link : CVE-2025-57793
Mitre link : CVE-2025-57793
CVE.ORG link : CVE-2025-57793
JSON object : View
Products Affected
explorance
- blue
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')