CVE-2025-25206 | eLabFTW up to 5.1.14 Setting sql injection (GHSA-qffc-rfjh-77gg)

Posted by Angelo Barbosa | Feb 15, 2025 | CVE

A vulnerability has been found in eLabFTW up to 5.1.14 and classified as critical. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to sql injection.

This vulnerability was named CVE-2025-25206. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-25206 | eLabFTW up to 5.1.14 Setting sql injection (GHSA-qffc-rfjh-77gg)

Related Posts

CVE-2025-24882 | regclient up to 0.7.0 Registry input validation

CVE-2024-3184 | EmbedThis GoAhead up to 6.0.0 Request null pointer dereference

CVE-2024-40679 | IBM DB2/DB2 Connect Server 11.5 log file

CVE-2024-9073 | GutenGeek Free Gutenberg Blocks Plugin up to 1.1.3 on WordPress SVG File Upload cross site scripting