CVE-2025-67081

Published: Jan 15, 2026

Modified: Jan 15, 2026

PUBLISHED

Description

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing on integer parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/itflow-org/itflow

https://www.helx.io/blog/advisory-itflow/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-67081

Description

Affected Products

References