Security Advisory

CVE-2025-13319

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-17 16:37:40
Last updated 2025-11-17 16:46:47
Assigner Digi
State PUBLISHED

Description

An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack.