CVE-2025-8127

Name of the Vulnerable Software and Affected Versions deerwms versions 2.0 through 3.3

Description A critical vulnerability exists in deerwms that allows for SQL injection. The issue is located in the file /system/user/list and involves manipulation of the params[dataScope] argument. This allows for remote exploitation. The exploit has been publicly disclosed.

Recommendations Versions prior to 3.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.