CVE-2025-6830

9.8 CRITICAL

Published 2026-02-09 · Modified 2026-02-09 · Awaiting Analysis

Quick Summary

A critical SQL injection vulnerability exists in Xpoda Studio software, allowing attackers to manipulate database queries remotely. The flaw is severe because it can be exploited over the network with low attack complexity, no privileges, and no user interaction.

Who is affected

All users of Xpoda Studio versions through 09022026 are affected. An attacker could steal, modify, or delete sensitive data from the application's database.

Recommended fix

Users must upgrade to a version of Xpoda Studio released after 09022026. As an immediate mitigation, restrict network access to the application and implement strict input validation on all user-supplied data.

Technical Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Xpoda Studio allows SQL Injection. This issue affects Xpoda Studio: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Attack Vector: NETWORK

Complexity: LOW

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89
