PT-2025-27011 · Opennms · Opennms Horizon+1
Fábio Tomé · Published 2025-06-26 · Updated 2025-06-27 · CVE-2025-53122
CVSS v4.0: 6.9 (Medium)
Vector: AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
OpenNMS Meridian versions prior to 2024.2.6
OpenNMS Horizon versions prior to 33.16
Description:
The issue is an SQL injection vulnerability caused by improper neutralization of special elements used in an SQL command. Users are advised to follow the installation instructions carefully: Meridian and Horizon are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
Recommendations:
For OpenNMS Meridian versions prior to 2024.2.6, upgrade to Meridian 2024.2.6 or newer.
For OpenNMS Horizon versions prior to 33.16, upgrade to Horizon 33.16 or newer.
Fix
SQL injection
Affected Products
Opennms Horizon
Opennms Meridian