CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-56385

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.2%

CVSS Severity

CVSS v3 Score 9.8

References

http://harmony.com
http://wellsky.com
https://machevalia.blog/blog/cve-2025-56385-wellsky-harmony-sql-injection

Products affected by CVE-2025-56385

Wellsky » Harmony » Version: 4.1.0.2.83

cpe:2.3:a:wellsky:harmony:4.1.0.2.83

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-56385

Products

Pricing

Contact Us