CVE-2025-9953 — AI Deep Analysis Summary

🚨 **Essence**: SQL Injection via User-Controlled SQL Primary Key. <br>💥 **Consequences**: Full system compromise. Attackers can bypass authorization controls, leading to data theft, modification, or destruction.…

🛡️ **Root Cause**: **CWE-566** (Authorization Bypass Through SQL Logic). <br>🔍 **Flaw**: The software fails to properly validate or sanitize user inputs when used as SQL primary keys.…

🏢 **Vendor**: DATABASE Software Training Consulting Ltd. (Turkey). <br>📦 **Product**: Databank Accreditation Software. <br>⚠️ **Affected Versions**: Version **19022026** and all earlier versions.…

💀 **Attacker Capabilities**: <br>1. **Bypass Auth**: Gain unauthorized access without valid credentials. <br>2. **Data Access**: Read sensitive database contents (High Confidentiality impact). <br>3.…

🔓 **Exploitation Threshold**: **LOW**. <br>📊 **CVSS Vector**: AV:N/AC:L/PR:N/UI:N/S:U. <br>✅ **No Auth Required**: Privileges (PR:N) are not needed. <br>✅ **Low Complexity**: Attack is easy (AC:L).…

🚫 **Public Exploit**: **No**. <br>📝 **PoC Status**: The `pocs` field is empty. <br>🌐 **Wild Exploitation**: Currently unknown.…

🔍 **Self-Check Methods**: <br>1. **Version Check**: Verify if your installed version is ≤ 19022026. <br>2. **Input Testing**: Try injecting SQL syntax (e.g., `' OR 1=1 --`) into fields that map to SQL primary keys.…

🛠️ **Official Fix**: **Unknown/Not Provided**. <br>📅 **Published**: 2026-02-19. <br>🔗 **Reference**: USOM Advisory (tr-26-0078). <br>⚠️ **Action**: Check the vendor's official website or the USOM link for a patch.…

🚧 **Workarounds (If No Patch)**: <br>1. **Input Validation**: Implement strict allow-lists for all inputs used in SQL queries. <br>2.…

🔥 **Urgency**: **CRITICAL**. <br>📈 **Priority**: **P1 (Immediate Action)**. <br>💡 **Reason**: CVSS Score is **9.1** (High). It is remote, requires no authentication, and has severe impact.…