SQL Injection in Devcode-it Openstamanager

CVE-2025-69216

OpenSTAManager is open source management software for technical assistance and invoicing. In versions 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any au…

Vulnerability class: SQL Injection

EPSS: 0.000 (2.4th percentile)

Frequently asked questions

What is CVE-2025-69216?
CVE-2025-69216 is a vulnerability in Devcode-it Openstamanager, classified under SQL Injection. Published 2026-02-06.
Is CVE-2025-69216 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.