PatchSiren cyber security CVE debrief
CVE-2025-11252 Signum Technology Promotion and Training Inc. CVE debrief
A critical vulnerability was discovered in Windesk.Fm, a product of Signum Technology Promotion and Training Inc. The issue, identified as CVE-2025-11252, is an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. This vulnerability allows for SQL Injection attacks, posing a significant risk to affected systems.
- Vendor
- Signum Technology Promotion and Training Inc.
- Product
- windesk.fm
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-27
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-02-27
- Advisory updated
- 2026-06-04
Who should care
Administrators and users of Windesk.Fm versions before v2.3.4 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The CVE-2025-11252 vulnerability has a CVSS score of 9.8, indicating a critical severity level. The vulnerability affects Windesk.Fm versions before v2.3.4. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability can be exploited over the network with low attack complexity and no privileges required.
Defensive priority
High
Recommended defensive actions
- Upgrade Windesk.Fm to version v2.3.4 or later.
- Implement additional security measures to detect and prevent SQL Injection attacks.
Evidence notes
The vendor patched the vulnerability after the CVE was published.
Official resources
-
CVE-2025-11252 CVE record
CVE.org
-
CVE-2025-11252 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
CVE-2025-11252 was published on 2026-02-27T13:16:01.343Z and modified on 2026-06-04T20:16:55.780Z.