{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10610", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-09-17T07:43:02.510Z", "datePublished": "2025-10-14T12:43:37.800Z", "dateUpdated": "2026-06-05T08:34:37.063Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-05T08:34:37.063Z"}, "title": "SQLi in SFS Winsure", "datePublic": "2025-10-14T12:41:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "CAPEC-7 Blind SQL Injection"}]}], "affected": [{"vendor": "SFS Consulting Information Processing Industry and Foreign Trade Inc.", "product": "Winsure", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "Version dated 21.08.2025", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.\n\nThis issue affects Winsure: through Version dated 21.08.2025.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.<p>This issue affects Winsure: through Version dated 21.08.2025.</p>"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0337", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0337", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Enes Ebubekir", "type": "finder"}], "source": {"defect": ["TR-25-0337"], "advisory": "TR-25-0337", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T13:12:16.466863Z", "id": "CVE-2025-10610", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T13:12:26.765Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10610", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-14T13:12:16.466863Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T13:12:21.232Z"}}], "cna": {"title": "SQLi in SFS Winsure", "source": {"defect": ["TR-25-0337"], "advisory": "TR-25-0337", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Enes Ebubekir"}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "CAPEC-7 Blind SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SFS Consulting Information Processing Industry and Foreign Trade Inc.", "product": "Winsure", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "Version dated 21.08.2025"}], "defaultStatus": "unaffected"}], "datePublic": "2025-10-14T12:41:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0337", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0337", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.\n\nThis issue affects Winsure: through Version dated 21.08.2025.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.<p>This issue affects Winsure: through Version dated 21.08.2025.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-06-05T08:34:37.063Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10610", "state": "PUBLISHED", "dateUpdated": "2026-06-05T08:34:37.063Z", "dateReserved": "2025-09-17T07:43:02.510Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-10-14T12:43:37.800Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.\n\nThis issue affects Winsure: through Version dated 21.08.2025."}], "id": "CVE-2025-10610", "lastModified": "2026-06-05T09:16:25.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}, "published": "2025-10-14T13:15:36.597", "references": [{"source": "iletisim@usom.gov.tr", "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0337"}, {"source": "iletisim@usom.gov.tr", "url": "https://www.usom.gov.tr/bildirim/tr-25-0337"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}

{}