Digi On-Prem Manager Authenticated SQL Injection Vulnerability in API
Vulnerability
A SQL injection vulnerability has been identified in the API feature of Digi On-Prem Manager, affecting versions from 24.12.5 up to, but not including, 25.08.5. An attacker holding a valid API token can inject SQL through crafted input. The API feature is disabled by default, so exploitation requires both that the API be enabled and that the attacker possess a valid API token.
Impact
Successful exploitation gives an authenticated attacker control over the SQL queries sent to the database. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.
Remediation
Users are advised to update to Digi On-Prem Manager version 25.08.5 or later. Additionally, it is recommended to restrict API access to trusted IP address ranges, or to leave the API feature disabled if it is not needed.
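To make the advisory's point concrete (a valid token gates the call but does nothing against injection in the query behind it), here is an added illustration that is not Digi's code: a hypothetical token-checked device lookup in its unsafe string-spliced form beside the parameterized form a fix relies on, run over a constructed SQLite table. The table, token store and handler names are all assumptions made for this example.

```python
import sqlite3

VALID_TOKENS = {"tok-constructed-123"}  # constructed placeholder token store

def make_db():
    """Constructed in-memory stand-in for the backend; not Digi's schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (id INTEGER, name TEXT, site TEXT)")
    db.executemany("INSERT INTO devices VALUES (?, ?, ?)", [
        (1, "gateway-01", "plant-a"),
        (2, "gateway-02", "plant-a"),
        (3, "sensor-07", "plant-b"),
    ])
    return db

def authorize(api_enabled, token):
    """Gate shared by both handlers: API off by default, valid token required.
    Passing this gate is what 'authenticated' means in the advisory; it does
    nothing to stop injection in the query that follows."""
    if not api_enabled:
        raise PermissionError("API feature is disabled")
    if token not in VALID_TOKENS:
        raise PermissionError("invalid API token")

def lookup_vulnerable(db, api_enabled, token, site):
    """Unsafe pattern: caller-controlled text is spliced into the SQL string."""
    authorize(api_enabled, token)
    sql = f"SELECT id, name FROM devices WHERE site = '{site}'"
    return db.execute(sql).fetchall()

def lookup_fixed(db, api_enabled, token, site):
    """Hardened pattern: the value is bound as a parameter, never parsed as SQL."""
    authorize(api_enabled, token)
    sql = "SELECT id, name FROM devices WHERE site = ?"
    return db.execute(sql, (site,)).fetchall()

def is_rejected(handler, db, api_enabled, token, site):
    """True when the gate refuses the call (API disabled or bad token)."""
    try:
        handler(db, api_enabled, token, site)
        return False
    except PermissionError:
        return True

def demonstrate(db, token="tok-constructed-123"):
    """Run both handlers on the textbook tautology input; returns both results."""
    crafted = "plant-b' OR '1'='1"
    return {
        "vulnerable": lookup_vulnerable(db, True, token, crafted),
        "fixed": lookup_fixed(db, True, token, crafted),
    }
```

With a valid token the unsafe handler returns every row for the crafted value while the parameterized one returns none; with the API disabled or a bad token both handlers refuse the call before any query runs.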
