CVE-2025-52085
HIGH
Yoosee 6.32.4 - Authenticated SQL Injection via Backend API Endpoint
Title source: llm
Description
An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including, but not limited to, the database server banner and version, the current database user and schema, the current DBMS user's privileges, and arbitrary data from any table.
References (2)
Core References
Exploit, Third Party Advisory
https://medium.com/@pundhapat/sqli-in-the-cloud-root-on-the-board-a-beginners-journey-into-iot-hacking-06efb2539a21
Product
https://yoosee.app
Scores
CVSS v3
8.8
EPSS
0.0047
EPSS Percentile
37.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
yoosee/yoosee
6.32.4
Published
Aug 22, 2025
Tracked Since
Feb 18, 2026