CVE-2025-32993

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Apr 15, 2025
CWE ID 89

Summary

CVE-2025-32993 is a vulnerability affecting Vision Helpdesk versions up to 5.7.0. It enables time-based blind SQL injection through the Forgot Password functionality, reachable at the index.php?/home/forgot-password endpoint. Unlike SQL injection flaws that sit behind a login, this one requires no authentication to exploit, which poses a significant risk to unpatched systems. Successful exploitation allows attackers to extract sensitive data from affected databases. Organizations using Vision Helpdesk should apply the necessary patch to mitigate this vulnerability.
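A time-based blind injection against this endpoint shows up in access logs as one client sending many forgot-password requests whose response times split into a fast group and a much slower group. The following detection sketch is an added example, not part of the advisory or the vendor's code; it assumes an nginx "combined" log with `$request_time` appended, and the thresholds, helper names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

ENDPOINT = "index.php?/home/forgot-password"  # endpoint named in the advisory

# Assumed layout: nginx "combined" format with $request_time as the last field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<rt>\d+\.\d+)$'
)

def suspicious_clients(lines, min_requests=6, slow_factor=5.0, min_slow=3):
    """Return {ip: (total, slow)} for clients whose forgot-password requests
    split into a fast group and a much slower group."""
    times = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and ENDPOINT in m["uri"]:
            times[m["ip"]].append(float(m["rt"]))
    flagged = {}
    for ip, rts in times.items():
        if len(rts) < min_requests:
            continue  # a real password reset takes only a few requests
        # Baseline latency: median of the faster half, floored at 50 ms.
        fast_half = sorted(rts)[: max(len(rts) // 2, 1)]
        baseline = max(median(fast_half), 0.05)
        slow = [t for t in rts if t >= baseline * slow_factor]
        if len(slow) >= min_slow:
            flagged[ip] = (len(rts), len(slow))
    return flagged

def _line(ip, uri, rt):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [01/Jan/2025:10:00:00 +0000] "POST {uri} HTTP/1.1" '
            f'200 512 "-" "-" {rt:.3f}')

URI = "/index.php?/home/forgot-password"
SAMPLE = (  # constructed: documentation-range IPs, invented latencies
    [_line("203.0.113.7", URI, t)
     for t in (0.11, 5.12, 0.10, 5.09, 0.12, 5.11, 0.09, 5.10)]
    + [_line("198.51.100.20", URI, t) for t in (0.13, 0.12)]
    + [_line("192.0.2.44", URI, t)
       for t in (0.10, 0.11, 0.12, 0.10, 0.13, 0.11, 0.12)]
    + [_line("203.0.113.7", "/index.php", 6.0)]  # other page, ignored
)

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))
```

Latency alone is a triage signal: a slow database or mail backend can also delay this endpoint, so flagged clients warrant a look at request bodies or WAF logs where those are retained.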
