CVE-2025-27378

HIGH

8.6

Description

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.

CVE Details

CVSS v3.1 Score8.6

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/22/2026

Last Modified2/26/2026

Sourcenvd

Honeypot Sightings0

Affected Products

altium:on-prem_enterprise_server

Weaknesses (CWE)

CWE-20CWE-89

References

https://www.altium.com/platform/security-compliance/security-advisories(4760f414-e1ae-4ff1-bdad-c7a9c3538b79)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.