CVE-2025-15424

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0

Description A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the ID argument within the HTTP GET parameter handler of the /worksheet/agent worksdel.jsp file. Remote exploitation is possible. The exploit has been publicly released. The vendor was notified but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.