cvedb.io
CVE-2025-40622
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-05-06T11:15:51.917 · Last modified 2026-06-17T09:21:50.633

Summary

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. For this vulnerability identifier, the affected parameter is the ‘username’ parameter of the ‘GetLastDatePasswordChange’ endpoint.

Affected products

tcman — gim


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.