CVE-2025-20620

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 89

Summary

CVE-2025-20620 is a newly identified SQL injection vulnerability affecting the STEALTHONE D220/D340 products supplied by Y'S corporation. An attacker with access to an affected product can exploit the flaw to obtain the administrative password of the web management page, which increases the risk of unauthorized system access and potential data breaches. Organizations using these products are advised to apply software updates or alternative mitigation measures promptly. Y'S corporation is urged to provide guidance and patches to remediate this issue.
