What is CVE-2025-65103?

CVE-2025-65103 is a high-severity vulnerability in Devcode-it Openstamanager, classified under SQL Injection. CVSS score: 8.8/10. Published 2025-11-19.

How severe is CVE-2025-65103?

High severity. CVSS v3 base score is 8.8 out of 10.

SQL Injection in Devcode-it Openstamanager

CVE-2025-65103

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitr…

Vulnerability class: SQL Injection

EPSS: 0.000 (1.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Devcode-it Openstamanager — versions < 2.9.5

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/devcode-it/openstamanager/security/advisories/GHSA-2jm2-2p35-rp3j (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-65103?: CVE-2025-65103 is a high-severity vulnerability in Devcode-it Openstamanager, classified under SQL Injection. CVSS score: 8.8/10. Published 2025-11-19.
How severe is CVE-2025-65103?: High severity. CVSS v3 base score is 8.8 out of 10.