PatchSiren cyber security CVE debrief
CVE-2025-7636 Ergosis Security Systems Computer Industry and Trade Inc. CVE debrief
CVE-2025-7636 is a high-severity SQL Injection vulnerability in ZEUS PDKS. The vulnerability has a CVSS score of 8.8 and was published on 2026-02-10. The issue affects ZEUS PDKS versions from <1.0.5.10 through 10022026. The vendor, Ergosis Security Systems Computer Industry and Trade Inc., was contacted but did not respond.
- Vendor: Ergosis Security Systems Computer Industry and Trade Inc.
- Product: ZEUS PDKS
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-10
- Original CVE updated: 2026-06-05
- Advisory published: 2026-02-10
- Advisory updated: 2026-06-05
Who should care
Users running affected ZEUS PDKS versions (from <1.0.5.10 through 10022026) should apply patches or mitigations to prevent SQL Injection attacks.
Technical summary
The vulnerability is caused by improper neutralization of special elements used in an SQL command. This allows attackers to inject malicious SQL code, potentially leading to unauthorized data access, modification, or deletion.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates to ZEUS PDKS to version 1.0.5.10 or later.
- Implement input validation and sanitization to prevent SQL Injection attacks.
- Monitor systems for suspicious activity and implement incident response plans.
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability.
Official resources
CVE-2025-7636 was published on 2026-02-10 and modified on 2026-06-05.