CVE-2025-41009 – SQL injection on the virtual campus platform of Diseño de Recursos Educativos

CVE ID : CVE-2025-41009

Published : Oct. 27, 2025, 12:15 p.m. | 29 minutes ago

Description : SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…