CVE-2025-55885

MEDIUM

ARD Gec EN Ligne < 2025-04-23 - SQL Injection

Title source: rule

Description

SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php

Exploits (1)

nomisec WORKING POC 3 stars

by 0xZeroSec · poc

https://github.com/0xZeroSec/CVE-2025-55885

View Code ZIP pw:eip

References (4)

[Broken Link] http://alpes.com

[Broken Link] http://ard.com

[Exploit, Third Party Advisory] https://github.com/0xZeroSec/CVE-2025-55885

[Product] https://services.ard.fr/index.php

Scores

CVSS v3 6.3

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

ard/gec_en_ligne < 2025-04-23

Published Sep 22, 2025

Tracked Since Feb 18, 2026