CVE-2025-4822

CRITICAL

ScadaWatt Otopilot <27.05.2025 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-4822. PoCs published by sahici.

AI-analyzed exploit summary The repository contains only a README.md file with a placeholder message indicating an official announcement is pending. No exploit code or technical details are provided.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection. This issue affects ScadaWatt Otopilot: before 27.05.2025.

Exploits (1)

nomisec STUB

by sahici · poc

https://github.com/sahici/CVE-2025-4822

View Code ZIP pw:eip

The repository contains only a README.md file with a placeholder message indicating an official announcement is pending. No exploit code or technical details are provided.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Government Resource government-resource

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0175

Third Party Advisory, US Government Resource government-resource broken-link

https://www.usom.gov.tr/bildirim/tr-25-0175

Scores

CVSS v3 9.8

EPSS 0.0068

EPSS Percentile 47.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

Bayraktar Solar Energies/ScadaWatt Otopilot < 27.05.2025

Published Jul 24, 2025

Tracked Since Feb 18, 2026