cvedb.io
CVE-2025-67811
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-01-09T20:15:52.000 · Last modified 2026-06-17T09:58:07.803

Summary

Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.

Affected products

area9lyceum — rhapsode

Does this affect you?

Add your gear to cvedb and we'll alert you only when area9lyceum ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.