๐Ÿ” CVE Alert

CVE-2025-56385

CRITICAL 9.8
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents.

Vendor n/a
Product n/a
Published Nov 12, 2025
Last Updated Jul 5, 2026
Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new critical vulnerabilities affecting n/a n/a are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

n/a / n/a
n/a

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wellsky.com: http://wellsky.com machevalia.blog: https://machevalia.blog/blog/cve-2025-56385-wellsky-harmony-sql-injection