CVE-2025-13774 | THREATINT

Description

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.

PUBLISHED Reserved 2025-11-28 | Published 2026-01-13 | Updated 2026-01-14 | Assigner ProgressSoftware

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

affected

Flowmon ADS 12 versions prior to 12.5.4 (custom)

affected

Flowmon ADS 13 versions prior to 13.0.1 (custom)

affected

References

community.progress.com/s/article/Flowmon-ADS-CVE-2025-13774 vendor-advisory

cve.org (CVE-2025-13774)

nvd.nist.gov (CVE-2025-13774)

Download JSON