{"uuid": "07cd3225-af32-4bdb-862c-9af83c44d9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-40624", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15087", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40624\n\ud83d\udd25 CVSS Score: 9.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018User\u2019 and \u201cemail\u201d parameters of the \u2018updatePassword\u2019 endpoint.\n\ud83d\udccf Published: 2025-05-06T10:41:39.095Z\n\ud83d\udccf Modified: 2025-05-06T10:41:39.095Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim", "creation_timestamp": "2025-05-06T11:21:41.000000Z"}