Share:

CVE-2025-41018 - Sergestec Exito

October 16, 2025

Critical 9.8

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'.

Affected software

Sergestec Exito

Reference links

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sergestec-products

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.