PT-2026-3025 · Itflow · Itflow

Published 2026-01-15 · Updated 2026-01-17 · CVE-2025-67081

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Itflow versions through 25.06

Description

An SQL injection issue exists in Itflow due to insufficient sanitization of integer parameters. Specifically, the "role id" parameter is vulnerable when editing a profile. An attacker with administrative privileges can exploit this through blind SQL injection to extract arbitrary data from the database. The vulnerable parameter is role id.

Recommendations

Versions prior to 25.06 should be updated. Ensure proper sanitization of the role id parameter when editing profiles.
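
The description attributes the flaw to insufficient sanitization of an integer parameter. The following added example (not Itflow's code; it uses Python with an in-memory SQLite database, and the schema, function names and the quote-escaping stand-in are hypothetical) shows why string escaping does not constrain a value placed in a numeric context, next to a handler that validates the integer and binds it as a parameter.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and names are hypothetical, not Itflow's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT, role_id INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", 3), (2, "bob", 1), (3, "carol", 1)])
    return db

def escape_string(value):
    # Stand-in for a quote-escaping sanitizer: it only doubles single quotes.
    return value.replace("'", "''")

def update_role_weak(db, user_id, role_id):
    # Weak: role_id is escaped like a string but placed unquoted in a numeric
    # context, so nothing forces it to be a number.
    sql = (f"UPDATE users SET role_id = {escape_string(role_id)} "
           f"WHERE user_id = {int(user_id)}")
    return db.execute(sql).rowcount

def parse_int_param(raw, lo=1, hi=2**31 - 1):
    # Allow-list check: ASCII digits only, then a range check.
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise ValueError("expected a positive integer")
    value = int(raw)
    if not lo <= value <= hi:
        raise ValueError("integer out of range")
    return value

def update_role_hardened(db, user_id, role_id):
    # Validate the type first, then bind both values so they are always data.
    params = (parse_int_param(role_id), parse_int_param(user_id))
    return db.execute("UPDATE users SET role_id = ? WHERE user_id = ?", params).rowcount

def role_of(db, user_id):
    return db.execute("SELECT role_id FROM users WHERE user_id = ?", (user_id,)).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    update_role_weak(db, "2", "1+2")  # no quotes in the input, so escaping changes nothing
    print("weak handler stored:", role_of(db, 2))  # the database evaluated the input
    try:
        update_role_hardened(db, "3", "1+2")
    except ValueError as exc:
        print("hardened handler rejected input:", exc)
    print("row 3 role:", role_of(db, 3))
```

The weak handler stores the result of an expression the database evaluated, which is the condition blind SQL injection relies on; the hardened handler rejects anything that is not a plain integer before the query is built.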

Fix

SQL injection


Weakness Enumeration

Related identifiers

CVE-2025-67081

Affected products

Itflow