{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70420", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-22T15:35:35.730Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-21T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-21T20:48:54.120Z"}, "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://genesys.com"}, {"url": "https://okunsec.com/research/cve-2025-70420"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "references": [{"url": "https://okunsec.com/research/cve-2025-70420", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T13:43:13.474633Z", "id": "CVE-2025-70420", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T15:35:35.730Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-70420", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-22T13:43:13.474633Z"}}}], "references": [{"url": "https://okunsec.com/research/cve-2025-70420", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T13:48:33.510Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://genesys.com"}, {"url": "https://okunsec.com/research/cve-2025-70420"}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-21T20:48:54.120Z"}}}, "cveMetadata": {"cveId": "CVE-2025-70420", "state": "PUBLISHED", "dateUpdated": "2026-04-22T15:35:35.730Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-21T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:genesys:latitude:25.1.0.420:*:*:*:*:*:*:*", "matchCriteriaId": "8064D8D4-AA5A-46FC-9564-0E591A0ABFE6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements."}], "id": "CVE-2025-70420", "lastModified": "2026-05-13T16:01:29.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-21T21:16:22.900", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "http://genesys.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://okunsec.com/research/cve-2025-70420"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://okunsec.com/research/cve-2025-70420"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "25.1.0.420"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "latitude", "vendor": "genesys"}], "analysis": {"en": {"generated_at": "2026-04-27T19:54:22.237172+00:00", "value": {"mitigation_remediation": ["Update Genesys Latitude to a patched version that removes the vulnerable code path", "Apply input validation and use parameterized queries to eliminate unsanitized string concatenation", "Limit the database credentials used by Genesys to only the permissions required for its normal operation", "Ensure network segmentation keeps the database isolated from unauthorized network zones"], "summary": {"action": "Patch Immediately", "impact": "SQL Injection enabling unauthorized database access and potential data modification"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Genesys Latitude product, specifically released as version 25.1.0.420. No other vendors or product variants are identified in the current data set.", "description_and_impact": "A SQL injection flaw exists in Genesys Latitude version 25.1.0.420 where unsanitized user\u2011supplied input is concatenated directly into SQL statements. An attacker who can authenticate to the application can craft input that is executed by the backend database, allowing the execution of arbitrary SQL queries. This can lead to unauthorized data exfiltration, tampering, or deletion, compromising both confidentiality and integrity of the stored information.", "risk_and_exploitability": "The CVSS score of 8.8 denotes a high severity risk, and the EPSS score of less than 1% indicates that exploitation is currently unlikely but possible. The vulnerability is exploitable by authenticated users, and because it allows arbitrary SQL execution, the potential impact is significant. The attack is likely carried out through the application's authenticated interface, requiring valid credentials with sufficient privilege to submit queries to the database. The KEV listing is not present, suggesting that widespread exploitation has not yet been observed, but the high severity of the flaw warrants immediate attention."}}}}, "created": "2026-04-22T03:30:06.689302+00:00", "updated": "2026-04-27T20:00:05.659330+00:00", "vendors": ["genesys", "genesys$PRODUCT$latitude"]}