Description

A SQL injection vulnerability has been identified in STER. Improper neutralization of user-supplied input in multiple Search Filters allows SQL injection attacks. An authenticated attacker can view sensitive data, such as data belonging to other users, or any other data that the application itself is able to access. This issue was fixed in version 9.5.

PUBLISHED Reserved 2026-02-03 | Published 2026-05-22 | Updated 2026-05-22 | Assigner CERT-PL




HIGH: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status: unaffected

Any version before 9.5: affected

Credits

Michelin CERT finder

References

cert.pl/posts/2026/05/CVE-2026-25606 third-party-advisory

www.ciop.pl/...nfpb=true&_pageLabel=P52000165211572544981480 product

cve.org (CVE-2026-25606)

nvd.nist.gov (CVE-2026-25606)
