← back
CVE-2025-27378

SQL Injection in AES Due to Inactive SQL Parsing Configuration

CVSS 8.6 HIGHEPSS 0.4%CWE-20CWE-89
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected products
Altium · AES

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.altium.com/platform/security-compliance/security-advisories