CVE-2025-58780

HIGH

ScienceLogic SL1 <12.1.1 - SQL Injection

Title source: llm

Description

index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."

Exploits (1)

nomisec WRITEUP

by SexyShoelessGodofWar · poc

https://github.com/SexyShoelessGodofWar/CVE-2025-58780

View Code ZIP pw:eip

References (2)

[Various Sources] https://docs.sciencelogic.com/release_notes_html/Content/12-1-1/12-1-1_release_notes.htm#New_Features_in_12-1-1

[Various Sources] https://github.com/SexyShoelessGodofWar/CVE-2025-58780

Scores

CVSS v3 7.2

EPSS 0.0006

EPSS Percentile 19.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

ScienceLogic/SL1 < 12.1.1

Published Sep 05, 2025

Tracked Since Feb 18, 2026