CRITICAL🇵🇱 Wersja polska

CVE-2025-4285

CVSS 10.0v3.1pub. 2025-07-22upd. 2026-06-05

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection. This issue affects Agentis: before 4.32.

🤖 AI Analysis
How it works

The vulnerability results from improper neutralization of special characters in input data passed to SQL queries (Improper Neutralization of Special Elements used in an SQL Command). An unauthenticated attacker can remotely inject malicious SQL commands into queries executed by the application over the network. The attack vector indicates no requirements for privileges and user interaction, and the vulnerability has scope beyond the original component (Scope: Changed).

Impact

An attacker can gain full access to the database — read, modify or delete data, and depending on server configuration, potentially take control of the system. The vulnerability enables compromise of confidentiality, integrity and availability of data to the highest degree.

Mitigation & patch

The Agentis application must be immediately updated to version 4.32 or later. Details are available in the manufacturer's references and USOM announcements at https://www.usom.gov.tr/bildirim/tr-25-0168.

Who is affected

Rolantis Information Technologies Agentis application in all versions before 4.32.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References