CVE-2025-11020

HIGH

MarkAny SafePC Enterprise <7.0.1 - SQL Injection

Title source: llm

Description

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.

References (1)

Core 1

Core References

Various Sources

https://www.markany.com/enterprisesecurity?utm_campaign=markany_sa&utm_source=google_pc&utm_medium=gsa_pc&utm_term=cybersecurity&utm_content=&gad_source=1&gad_campaignid=21853187406&gbraid=0AAAAADOrb0lM8ZHyDytvnVwj9T--km9aM&gclid=Cj0KCQjwovPGBhDxARIsAFhgkwSh0F9hnsAoRTS8OnFI3KcF4_UMarYchq0uP5V1DiSQyKKVLdZPJNYaAiBuEALw_wcB

Scores

CVSS v3 8.8

EPSS 0.0005

EPSS Percentile 14.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22 CWE-434 CWE-89

Status published

Products (2)

MarkAny/SafePC Enterprise V5.*.*

MarkAny/SafePC Enterprise V7.0.* (V7.0.YYYY.MM.DD) - V7.0.1

Published Oct 02, 2025

Tracked Since Feb 18, 2026