PT-2025-47166 · Digi · Digi On-Prem Manager
Published: 2025-11-17 · Updated: 2025-11-17 · CVE-2025-13319
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Digi On-Prem Manager (affected versions not specified)
Description
A SQL injection flaw exists in the API feature of Digi On-Prem Manager. An attacker with valid API tokens can inject SQL code via crafted input, which can lead to compromise of the database. The API is not enabled by default.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
RCE
Related Identifiers
Affected Products
Digi On-Prem Manager