CVE-2025-55885
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk32th percentile - higher than 32% of all known CVEs
Summary
SQL Injection vulnerability in ARD GEC en Lign software before version 2025-04-23 allows a remote attacker to escalate privileges via GET parameters in index.php.
Risk Assessment
An attacker can exploit this vulnerability to gain unauthorized access to the database, steal data, or take control of the system, posing a serious threat to the confidentiality and integrity of organizational data.
Recommendation
Immediately update ARD GEC en Lign software to version 2025-04-23 or later, which includes a fix for the SQL Injection vulnerability.
Original NVD description (English source)
SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php

