CVE-2025-67811 | THREATINT

Description

Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond.

PUBLISHED Reserved 2025-12-12 | Published 2026-01-09 | Updated 2026-01-09 | Assigner mitre

References

area9.com

security.area9lyceum.com/cve-2025-67811/

cve.org (CVE-2025-67811)

nvd.nist.gov (CVE-2025-67811)

Download JSON