CVE-2025-58628

CVSS v3.1

9.3

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions Miraculous versions prior to 2.0.9

Description The Miraculous software contains a SQL injection flaw due to improper neutralization of special elements used in an SQL command. This allows for blind SQL injection.

Recommendations Update Miraculous to version 2.0.9 or later.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-58628

Affected Products

Miraculous

CVE-2025-58628

Weakness Enumeration

Related Identifiers

Affected Products

References · 7