CVE-2025-29980

CRITICAL

eTRAKiT.net <3.2.1.77 - SQL Injection

Title source: llm
STIX 2.1

Description

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.

Scores

CVSS v3 9.8
EPSS 0.0053
EPSS Percentile 40.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
centralsquare/etrakit.net 3.2.1.77
Published Mar 20, 2025
Tracked Since Feb 18, 2026