CVE-2025-41032

Publication date

2025-09-04 11:06:27

Family

INCIBE

State

PUBLISHED

Description

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the data%5BAdmin%5D%5Busername%5D parameter in /apprain/admin/manage/add/.