PT-2026-1099 · Mars · Mars
Greengrass
+1
·
Published
2026-01-02
·
Updated
2026-01-06
·
CVE-2025-59387
CVSS v4.0
8.1
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
MARS (Multi-Application Recovery Service) versions prior to 1.2.1.1686
Description
An SQL injection issue affects MARS (Multi-Application Recovery Service). Successful exploitation could allow remote attackers to execute unauthorized code or commands. It is estimated that over 3.25 million instances are exposed. The vulnerability allows attackers to potentially execute unauthorized code or commands through SQL injection. The API endpoints and vulnerable parameters are not specified.
Recommendations
Update MARS (Multi-Application Recovery Service) to version 1.2.1.1686 or later.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mars