{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-0603", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-01-20T08:39:28.506Z", "datePublished": "2025-10-07T11:43:34.206Z", "dateUpdated": "2026-06-06T07:31:12.017Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-06T07:31:12.017Z" }, "title": "SQLi in Callvision Healthcare's Callvision Emergency Code", "datePublic": "2025-10-07T11:42:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-66", "descriptions": [ { "lang": "en", "value": "CAPEC-66 SQL Injection" } ] }, { "capecId": "CAPEC-7", "descriptions": [ { "lang": "en", "value": "CAPEC-7 Blind SQL Injection" } ] } ], "affected": [ { "vendor": "Callvision Healthcare", "product": "Callvision Emergency Code", "versions": [ { "status": "affected", "version": "0", "lessThan": "V3.0", "versionType": "custom" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection.\n\nThis issue affects Callvision Emergency Code: before V3.0.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection.

This issue affects Callvision Emergency Code: before V3.0.

" } ] } ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-25-0320", "tags": [ "government-resource", "broken-link" ] }, { "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0320", "tags": [ "government-resource" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } } ], "credits": [ { "lang": "en", "value": "Mustafa GÜNEL", "type": "finder" } ], "source": { "defect": [ "TR-25-0320" ], "advisory": "TR-25-0320", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-10-07T14:23:37.380369Z", "id": "CVE-2025-0603", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-07T14:23:51.917Z" } } ] } }