CVE-2025-22371
SQL Injection in SicommNet BASEC Login Enables Auth Bypass
Description
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to bypass authentication and execute arbitrary SQL commands. This issue affects BASEC from at least 14 Dec 2021 onwards. It is very likely that the vulnerability was present in the solution before that date.
The issue was fixed by SicommNet around 11pm on 16 April 2025 (Eastern Time).
Affected Vendors & Products
Vendor | Product | Version |
---|---|---|
sicommnet | basec | From 14.12.2021 (inc) |
Exploitability
CWE ID | Description |
---|---|
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Meta Information
CVE Publication Date: 2025-04-14
CVE Last Modified Date: 2025-04-21
Report Generation Date: 2025-07-14
EPSS Last Evaluated Date: 2025-07-02