← back
CVE-2025-62192

CVE-2025-62192

CVSS 5.3 MEDIUMEPSS 0.2%CWE-89
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.2%KEV nãoPoC Patch
Lifecycle
12 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Japan Total System Co.,Ltd. · GroupSession byCloudJapan Total System Co.,Ltd. · GroupSession Free editionJapan Total System Co.,Ltd. · GroupSession ZION

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://groupsession.jp/info/info-news/security20251208https://jvn.jp/en/jp/JVN19940619/