PatchSiren cyber security CVE debrief
CVE-2025-5319 Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. CVE debrief
A SQL Injection vulnerability was discovered in DIGITA Efficiency Management System through 03022026. This issue allows attackers to inject malicious SQL code, potentially leading to unauthorized access, data tampering, or data exposure. The vulnerability has a CVSS score of 9.8 and is classified as CRITICAL.
- Vendor
- Emit Informatics and Communication Technologies Industry and Trade Ltd. Co.
- Product
- DIGITA Efficiency Management System
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-03
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-02-03
- Advisory updated
- 2026-06-05
Who should care
Users of DIGITA Efficiency Management System through 03022026 should apply patches or mitigations to prevent SQL Injection attacks.
Technical summary
The vulnerability is caused by improper neutralization of special elements used in an SQL command. This allows attackers to inject malicious SQL code, potentially leading to unauthorized access, data tampering, or data exposure.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates to DIGITA Efficiency Management System to prevent SQL Injection attacks.
- Implement input validation and sanitization to prevent malicious SQL code injection.
- Monitor system logs for suspicious activity.
Evidence notes
The vendor was contacted early about this disclosure but did not respond in any way.
Official resources
CVE-2025-5319 was published on 2026-02-03T15:16:11.903Z and modified on 2026-06-05T15:16:41.353Z.