Nozomi Networks Guardian
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*
- < 25.2.0
A SQL injection vulnerability has been identified in the Alert feature of Nozomi Networks Guardian and CMC versions prior to 25.2.0. This vulnerability arises from inadequate validation of an input parameter, allowing an authenticated user with limited privileges to execute arbitrary SQL commands on the application's database management system. Exploitation of this vulnerability could lead to unauthorized data exposure, modification of data structure and content, or disruption of data availability.
Exploitation allows authenticated users with limited privileges to execute arbitrary SQL statements, potentially leading to unauthorized data access, data modification, or disruption of database availability.
Users are advised to upgrade to version 25.2.0 or later. Additionally, internal firewall features can be used to restrict access to the web management interface, and accounts with unnecessary access should be reviewed and deleted.