CVE-2025-67811

{"id": "CVE-2025-67811", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-67811", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-09T21:24:12.427919Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "affected": [{"source": "cve@mitre.org", "affectedData": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}]}], "published": "2026-01-09T20:15:52.000", "references": [{"url": "https://area9.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://security.area9lyceum.com/cve-2025-67811/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond."}, {"lang": "es", "value": "Area9 Rhapsode 1.47.3 permite la inyecci\u00f3n SQL a trav\u00e9s de m\u00faltiples puntos finales de API accesibles a usuarios autenticados. Una validaci\u00f3n de entrada insuficiente permite a atacantes remotos inyectar comandos SQL arbitrarios, lo que resulta en acceso no autorizado a la base de datos y un posible compromiso de datos sensibles. Corregido en v.1.47.4 y versiones posteriores."}], "lastModified": "2026-06-17T09:58:07.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:area9lyceum:rhapsode:1.47.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9B9C2BE-307B-4B8C-8D0E-E2F8EF707C6D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}