CVE-2025-62617: Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application’s database, including reading, modifying, or deleting all data. The vulnerability is present in the latest version, 4.3.16.