CVE-2025-29980

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d	Patch
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.json	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:centralsquare:etrakit.net:3.2.1.77:*:*:*:*:*:*:*

History

23 Sep 2025, 14:45

Type	Values Removed	Values Added
References	~~() https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d -~~	() https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d - Patch
References	~~() https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.json -~~	() https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.json - Third Party Advisory
First Time		Centralsquare etrakit.net Centralsquare
Summary		(es) Se ha detectado un problema de inyección SQL en la versión 3.2.1.77 de eTRAKiT.net. Debido a una validación de entrada incorrecta, un atacante remoto no autenticado puede ejecutar comandos arbitrarios utilizando la cuenta actual del servidor MS SQL. Se recomienda desactivar la función CRM en la versión 3.2.1.77 de eTRAKiT.net. eTRAKiT.Net ya no es compatible, y se recomienda a los usuarios migrar a la última versión de CentralSquare Community Development.
CPE		cpe:2.3:a:centralsquare:etrakit.net:3.2.1.77:::::::*

20 Mar 2025, 20:15

Type	Values Removed	Values Added
References		() https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d -

20 Mar 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 19:15

Updated : 2025-09-23 14:45

NVD link : CVE-2025-29980

Mitre link : CVE-2025-29980

CVE.ORG link : CVE-2025-29980

JSON object : View

Products Affected

centralsquare

etrakit.net

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

9.8 /10