CVE-2025-21628 – Chatwoot SQL Injection Vulnerability

1月 9, 2025
7:17 pm

CVE ID : CVE-2025-21628

Published : Jan. 9, 2025, 6:15 p.m. | 1 hour, 1 minute ago

Description : Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by adding a tautological WHERE clause. This issue is patched with v3.16.0.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-21628 – Chatwoot SQL Injection Vulnerability

Elvescore.io

Recent Posts

CVE-2024-56376 – REDCap Cross-Site Scripting (XSS)

CVE-2024-56377 – REDCap Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2025-21380 – Azure SaaS Resource Authentication Bypass

CVE-2023-28354 – Opsview Monitor Agent Command Injection

CVE-2024-46464 – PRIMX ZED Enterprise Local File Manipulation Privilege Escalation

CVE-2024-51229 – LinZhaoguan pb-cms Cross Site Scripting (XSS)

CVE-2025-21628 – Chatwoot SQL Injection Vulnerability

CVE-2025-21628 – Chatwoot SQL Injection Vulnerability