CVE-2025-1389

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 17, 2025

CWE ID 89

Summary

CVE-2025-1389 is a SQL Injection vulnerability affecting Orca HCM by Learning Digital. This issue grants attackers with regular privileges the ability to inject malicious SQL commands into the system. The impact of this vulnerability is significant, as it enables unauthorized read, modification, and deletion of database contents. An attacker could exploit this flaw to gain unintended access to sensitive HR data or manipulate it for malicious purposes, posing a serious threat to an organization's confidentiality and integrity. Organizations using Orca HCM are advised to apply the necessary patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3cANjb
https://www.cve.org/CVERecord?id=CVE-2025-1389
https://nvd.nist.gov/vuln/detail/CVE-2025-1389

Back to Vulnerability Database

CVE-2025-1389

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations