CVE-2025-1156

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Feb 10, 2025

CWE ID 74

CWE ID 89

Summary

CVE-2025-1156 is a critical vulnerability affecting Pix Software Vivaz 6.0.10. The issue lies within the unknown code of the /servlet?act=login file, and is triggered by manipulating the argument "usuario." This manipulation enables sql injection, allowing remote attacks. Although the vulnerability was reported to the vendor, they have not responded, leaving systems using the software potentially exposed and at risk of exploitation by malicious actors.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Vivaz

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3NvV19
https://www.cve.org/CVERecord?id=CVE-2025-1156
https://nvd.nist.gov/vuln/detail/CVE-2025-1156

Back to Vulnerability Database

CVE-2025-1156

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations