CVE-2025-25222

Summary

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved.

Affected Software

VendorProductVersion RangeStatus
LuxSoftThe LuxCal Web Calendarprior to 5.3.3M (MySQL version)affected
LuxSoftThe LuxCal Web Calendarprior to 5.3.3L (SQLite version)affected

Weaknesses

  • CWE-89: Improper neutralization of special elements used in an SQL command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References