CVE-2025-10095
MEDIUM
SMSEagle < 6.11 - SQL Injection in SMPP Server Component
Title source: llm
Description
A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its own dedicated database, separate from the main software's database. This isolation limits the scope of the vulnerability to the SMPP server's operations. The vulnerability arises from improper sanitization of user input in the SMPP server's scripts. This issue has been fixed in version 6.11.
References (2)
Core References
Various Sources third-party-advisory
https://cert.pl/en/posts/2025/09/CVE-2025-10095
Various Sources vendor-advisory
https://www.smseagle.eu/security-advisory/resolved-sql-injection-in-smpp-component-of-smseagle-software-6-11/
Scores
CVSS v4: 5.3
EPSS: 0.0022
EPSS Percentile: 12.2%
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-89
Status: published
Products (1)
Proximus sp. z o.o./SMSEagle: < 6.11
Published: Sep 09, 2025
Tracked Since: Feb 18, 2026