CVE-2025-3707: Sunnet eHRD CTMS - SQL Injection

6.5 CVSS

Description

The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL command to read database contents.

Classification

CVE ID: CVE-2025-3707

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected Products

Vendor: Sunnet

Product: eHRD CTMS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.85% (scored less or equal to compared to others)

EPSS Date: 2025-05-04 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3707
https://www.twcert.org.tw/tw/cp-132-10083-4ed7f-1.html
https://www.twcert.org.tw/en/cp-139-10084-d7c47-2.html

Timeline

2025-05-02 03:40:10 UTC
CVE

Sunnet eHRD CTMS - SQL Injection