{"api_version":"1","generated_at":"2026-06-27T07:50:24+00:00","cve":"CVE-2025-10610","urls":{"html":"https://cve.report/CVE-2025-10610","api":"https://cve.report/api/cve/CVE-2025-10610.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-10610","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-10610"},"summary":{"title":"SQLi in SFS Winsure","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.\n\nThis issue affects Winsure: through Version dated 21.08.2025.","state":"PUBLISHED","assigner":"TR-CERT","published_at":"2025-10-14 13:15:36","updated_at":"2026-06-05 09:16:25"},"problem_types":["CWE-89","CWE-89 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":[{"version":"3.1","source":"iletisim@usom.gov.tr","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0337","name":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0337","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.usom.gov.tr/bildirim/tr-25-0337","name":"https://www.usom.gov.tr/bildirim/tr-25-0337","refsource":"iletisim@usom.gov.tr","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-10610","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10610","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"SFS Consulting Information Processing Industry and Foreign Trade Inc.","product":"Winsure","version":"affected Version dated 21.08.2025 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Enes Ebubekir","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"10610","cve":"CVE-2025-10610","epss":"0.000380000","percentile":"0.117460000","score_date":"2026-06-09","updated_at":"2026-06-10 00:13:18"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-10610","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-10-14T13:12:16.466863Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-10-14T13:12:26.765Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Winsure","vendor":"SFS Consulting Information Processing Industry and Foreign Trade Inc.","versions":[{"lessThanOrEqual":"Version dated 21.08.2025","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Enes Ebubekir"}],"datePublic":"2025-10-14T12:41:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.<p>This issue affects Winsure: through Version dated 21.08.2025.</p>"}],"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.\n\nThis issue affects Winsure: through Version dated 21.08.2025."}],"impacts":[{"capecId":"CAPEC-7","descriptions":[{"lang":"en","value":"CAPEC-7 Blind SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-05T08:34:37.063Z","orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT"},"references":[{"tags":["government-resource","broken-link"],"url":"https://www.usom.gov.tr/bildirim/tr-25-0337"},{"tags":["government-resource"],"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0337"}],"source":{"advisory":"TR-25-0337","defect":["TR-25-0337"],"discovery":"UNKNOWN"},"title":"SQLi in SFS Winsure","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","assignerShortName":"TR-CERT","cveId":"CVE-2025-10610","datePublished":"2025-10-14T12:43:37.800Z","dateReserved":"2025-09-17T07:43:02.510Z","dateUpdated":"2026-06-05T08:34:37.063Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-10-14 13:15:36","lastModifiedDate":"2026-06-05 09:16:25","problem_types":["CWE-89","CWE-89 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"10610","Ordinal":"1","Title":"SQLi in SFS Winsure","CVE":"CVE-2025-10610","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"10610","Ordinal":"1","NoteData":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.\n\nThis issue affects Winsure: through Version dated 21.08.2025.","Type":"Description","Title":"SQLi in SFS Winsure"}]}}}