CVE-2025-29980

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-29980

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.

References
Link Resource
https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d Patch
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.json Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:centralsquare:etrakit.net:3.2.1.77:*:*:*:*:*:*:*
History

23 Sep 2025, 14:45

Type Values Removed Values Added
CPE cpe:2.3:a:centralsquare:etrakit.net:3.2.1.77:*:*:*:*:*:*:*
First Time Centralsquare
Centralsquare etrakit.net
References () https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d - () https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d - Patch
References () https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.json - () https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.json - Third Party Advisory
Summary
  • (es) Se ha detectado un problema de inyección SQL en la versión 3.2.1.77 de eTRAKiT.net. Debido a una validación de entrada incorrecta, un atacante remoto no autenticado puede ejecutar comandos arbitrarios utilizando la cuenta actual del servidor MS SQL. Se recomienda desactivar la función CRM en la versión 3.2.1.77 de eTRAKiT.net. eTRAKiT.Net ya no es compatible, y se recomienda a los usuarios migrar a la última versión de CentralSquare Community Development.

20 Mar 2025, 20:15

Type Values Removed Values Added
References
  • () https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d -

20 Mar 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-20 19:15

Updated : 2025-09-23 14:45

NVD link : CVE-2025-29980

Mitre link : CVE-2025-29980

CVE.ORG link : CVE-2025-29980

JSON object : View

Products Affected

centralsquare

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')