CVE-2025-53122

Published: Jun 26, 2025

Modified: Jun 26, 2025

PUBLISHED

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Vendor	Product	Versions
The OpenNMS Group	Horizon	affected `25.2.1 - < 33.1.6, 33.1.7` affected `33.0.8 - < 33.1.6, 33.1.7` unknown `25.2.1 - <= 33.0.8`
The OpenNMS Group	Meridian	affected `2024.1.0 - < 2024.2.6, 2024.2.7`

Weaknesses (CWE)

CWE-89

References

https://github.com/OpenNMS/opennms/pull/7709

https://docs.opennms.com/meridian/2024/releasenotes/changelog.html#releasenotes-changelog-Meridian-2024.2.6

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-53122

Description

Affected Products

Weaknesses (CWE)

References