CVE-2025-43949

Name of the Vulnerable Software and Affected Versions MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) version 24.2.3

Description The issue allows an attacker to execute malicious SQL statements, controlling a web application's database server. This is due to a SQL Injection vulnerability.

Recommendations For version 24.2.3, consider restricting access to sensitive database operations until a patch is available. As a temporary workaround, review and limit the input allowed to the database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.