CVE-2025-70420

Description

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements.

PUBLISHED Reserved 2026-01-09 | Published 2026-04-21 | Updated 2026-04-22 | Assigner mitre

References

okunsec.com/research/cve-2025-70420 exploit

genesys.com

okunsec.com/research/cve-2025-70420

cve.org (CVE-2025-70420)

nvd.nist.gov (CVE-2025-70420)

Download JSON