cvedb.io
CVE-2025-40985
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2025-07-16T10:15:28.897 · Last modified 2026-06-17T09:22:23.433

Summary

SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.