Vulnerability Details CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.4%
CVSS Severity
CVSS v3 Score 3.5
References
Products affected by CVE-2025-46546
-
cpe:2.3:a:sherparpa:sherpa_orchestrator:141851