CVE-2025-15560
Awaiting Analysis Awaiting Analysis - Queue

SQL Injection in WorkTime Server Widget API Enables Data Theft

Vulnerability report for CVE-2025-15560, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-19

Last updated on: 2026-02-26

Assigner: SEC Consult Vulnerability Lab

Description

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can execute arbitrary SQL statements on the database backend and gain access to sensitive data.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-19
Last Modified
2026-02-26
Generated
2026-07-06
AI Q&A
2026-02-19
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
nestersoft worktime to 11.8.8 (inc)
nestersoft worktime to 11.8.8 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a SQL injection in the WorkTime server "widget" API endpoint that can be exploited by an authenticated attacker with minimal permissions.

Depending on the database backend used, the impact differs: if the Firebird backend is used, attackers can retrieve all data from the database; if the MSSQL backend is used, attackers can execute arbitrary SQL statements and gain access to sensitive data.

Impact Analysis

An attacker exploiting this vulnerability can retrieve or manipulate sensitive data stored in the database backend.

  • If using Firebird backend, attackers can retrieve all data from the database.
  • If using MSSQL backend, attackers can execute arbitrary SQL commands, potentially leading to data breaches or unauthorized data manipulation.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15560. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart