CVE-2025-58780

HIGH

ScienceLogic SL1 <12.1.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-58780. PoCs published by SexyShoelessGodofWar.

AI-analyzed exploit summary This repository contains a writeup for CVE-2025-58780, an SQL injection vulnerability in ScienceLogic's web platform affecting versions prior to 12.1.1. The vulnerability is described as being in the index.em7 file, with no exploit code provided.

Description

index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."

Exploits (1)

nomisec WRITEUP

by SexyShoelessGodofWar · poc

https://github.com/SexyShoelessGodofWar/CVE-2025-58780

View Code ZIP pw:eip

This repository contains a writeup for CVE-2025-58780, an SQL injection vulnerability in ScienceLogic's web platform affecting versions prior to 12.1.1. The vulnerability is described as being in the index.em7 file, with no exploit code provided.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Theoretical

Target: ScienceLogic web platform < 12.1.1

No auth needed

Prerequisites: Access to the vulnerable ScienceLogic web platform

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://docs.sciencelogic.com/release_notes_html/Content/12-1-1/12-1-1_release_notes.htm#New_Features_in_12-1-1

Various Sources

https://github.com/SexyShoelessGodofWar/CVE-2025-58780

Scores

CVSS v3 7.2

EPSS 0.0021

EPSS Percentile 11.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

ScienceLogic/SL1 < 12.1.1

Published Sep 05, 2025

Tracked Since Feb 18, 2026