CVE-2025-10399

Name of the Vulnerable Software and Affected Versions Korzh EasyQuery versions through 7.4.0

Description A weakness exists in Korzh EasyQuery due to SQL injection. The issue affects unknown processing of the /api/easyquery/models/nwind/fetch API endpoint within the Query Builder UI component. This manipulation can be initiated remotely. The exploit has been made publicly available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.