← back
CVE-2025-26086

CVE-2025-26086

CVSS 7.5 HIGHEPSS 11.3%CWE-89
Vexday Risk Score
26Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 11.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2025/May/21https://seclists.org/fulldisclosure/2025/May/21