CVE-2025-10610

Name of the Vulnerable Software and Affected Versions Winsure versions through August 21, 2025

Description A flaw exists in Winsure that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This could allow an attacker to execute arbitrary SQL code within the database backend, potentially leading to full database exfiltration without authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.