Home > Vulnerability Database > CVE-2025-62617

Mend.io Vulnerability Database

CVE-2025-62617

Good to know:

Date: October 22, 2025

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 4.3.17.

Severity Score

7.2

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62617

Url: https://github.com/Admidio/admidio/commit/fde81ae869e88a3cf42201f2548d57df785a37cb

Url: https://github.com/Admidio/admidio

Url: https://github.com/Admidio/admidio/security/advisories/GHSA-2v5m-cq9w-fc33

Url: https://www.mend.io/vulnerability-database/CVE-2025-62617

Severity Score

7.2

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version admidio/admidio - v4.3.17

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62617

Good to know:

Date: October 22, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?