PatchSiren cyber security CVE debrief
CVE-2025-10970 Kolay Software Inc. CVE debrief
A Blind SQL Injection vulnerability was found in Talentics by Kolay Software Inc. This issue affects Talentics through version 20022026. The vulnerability has a CVSS score of 9.8 and is considered CRITICAL.
- Vendor: Kolay Software Inc.
- Product: Talentics
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-20
- Original CVE updated: 2026-06-05
- Advisory published: 2026-02-20
- Advisory updated: 2026-06-05
Who should care
Users of Talentics by Kolay Software Inc. should apply patches or mitigations to prevent Blind SQL Injection attacks.
Technical summary
The vulnerability is caused by Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection attacks.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates to Talentics by Kolay Software Inc. to fix the Blind SQL Injection vulnerability.
- Implement additional security measures to detect and prevent SQL Injection attacks.
Evidence notes
The vendor was contacted early about this disclosure but did not respond in any way.
Official resources
CVE-2025-10970 was published on 2026-02-20T12:16:14.530Z and modified on 2026-06-05T07:16:28.993Z.