PatchSiren cyber security CVE debrief
CVE-2025-4686 Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. CVE debrief
CVE-2025-4686 is a HIGH severity vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment. The vulnerability is caused by Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). This issue affects Online Exam and Assessment: through 30012026.
- Vendor: Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co.
- Product: Online Exam and Assessment
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-30
- Original CVE updated: 2026-06-05
- Advisory published: 2026-01-30
- Advisory updated: 2026-06-05
Who should care
Users of Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment through version 30012026 should be aware of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.
Defensive priority
This vulnerability is considered HIGH severity and should be prioritized for remediation.
Recommended defensive actions
- Apply the necessary patches or updates to Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment to prevent SQL injection attacks.
- Restrict access to the affected system to prevent unauthorized access.
- Monitor the affected system for suspicious activity.
Evidence notes
The vendor was contacted early about this disclosure but did not respond in any way.
Official resources
CVE-2025-4686 was published on 2026-01-30 and last modified on 2026-06-05.