ByteOS Network

NVD Vulnerability Details :

CVE-2025-62617

Analyzed

Source-security-advisories@github.com

Published At-22 Oct, 2025 | 22:15

Updated At-30 Oct, 2025 | 17:15

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 4.3.17.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Admidio

>>admidio>>Versions before 4.3.17(exclusive)

cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	security-advisories@github.com

CWE ID: CWE-89

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb	security-advisories@github.com	Patch
https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33	security-advisories@github.com	Exploit Vendor Advisory

Hyperlink: https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb

Source: security-advisories@github.com

Resource:

Patch

Hyperlink: https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33

Source: security-advisories@github.com

Resource:

Exploit

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History