CVE-2025-11252

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.

This issue affects windesk.Fm: before v2.3.4.  NOTE:  The vendor patched the vulnerability after the CVE was published.

Affected Software

VendorProductVersion RangeStatus
Signum Technology Promotion and Training Inc.windesk.fm0 < v2.3.4affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References