CVE-2025-8536
CRITICAL
DobryCMS < 3.0 - SQL Injection via Language Functionality
Title source: llm
Description
A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of user-provided input passed to the language functionality allows for SQL injection attacks. This issue affects older branches of this software.
References (2)
Various Sources third-party-advisory
https://cert.pl/posts/2025/10/CVE-2025-8536
Various Sources product
https://studiofabryka.pl/systemy_cms.html
Scores
CVSS v4
9.3
EPSS
0.0027
EPSS Percentile
19.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
Studio Fabryka/DobryCMS
< 3.0
Published
Oct 24, 2025
Tracked Since
Feb 18, 2026