CRITICAL | CVE-2026-8025 | CNA: TR-CERT

CVE-2026-8025: SQLi in MOSK Informatics' CBS Platform

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not supported.

Metrics

  • CVSS v3.1: 9.8
  • Severity: CRITICAL
  • Fixed in: no fix version exists
  • Affected Products: 1

HarborGuard Analysis

Synopsis

SQL injection in MOSK Information Technologies' CBS Platform allows an unauthenticated remote attacker to interact directly with the underlying database. The vulnerability is reachable over the network and requires neither credentials nor victim interaction. Successful exploitation gives the attacker full read, write, and denial-of-service capability against the database. The vendor has confirmed the product is unsupported, so no patch is forthcoming; HarborGuard tracks the advisory and will make a patched rebuild available if an upstream fix is ever published.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle CBS Platform. No manual feed subscription is required.

Status: Available

Triage

HarborGuard scores this finding at CVSS 9.8 Critical and is capable of weighting it further against each customer environment's compliance policy before routing the alert to the appropriate team inbox within that organization.

Status: Available

Patch

Because no fix version exists, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment the upstream vendor or a community fork publishes a remediated release. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered without any manual intervention.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint is exposed over the network, meaning an attacker can reach it from the internet or any routable network path without requiring local or physical access.

  • Authentication: Not required

    No credentials of any privilege level are needed; the attacker can send malicious SQL payloads as an anonymous, unauthenticated user.

  • Victim interaction: Not required

    No user action is required; the attacker sends crafted requests directly to the service without involving any logged-in user.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and condition-free with no race conditions, memory layout dependencies, or other environmental factors to overcome.

Blast Radius

  • Reads all data the database user can access, including stored credentials, session tokens, and any customer or application records.
  • Modifies or deletes persisted database rows, enabling data tampering, record destruction, or privilege escalation within the application.
  • Crashes or saturates the database service, causing a denial of service for all application functionality that depends on it.
  • May execute database-level commands that reach the underlying operating system, depending on database configuration and privilege grants.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-8025 is active across all connected registries and build pipelines. Because the vendor has confirmed CBS Platform is unsupported and no fix version exists, HarborGuard cannot offer a standard patched-image rebuild at this time. Instead, HarborGuard monitors the advisory on every ingest cycle and will trigger a rebuild automatically if a patch is ever published upstream.

In the meantime, compensating controls are strongly advised:

  • Apply network policy rules to restrict inbound access to CBS Platform endpoints to known, trusted source addresses only.
  • Use egress filtering to limit what the application process can reach if injection leads to out-of-band data exfiltration attempts.
  • Where the platform exposes optional features that increase SQL attack surface, gate those features off via configuration flags.

For customers with auto-remediation enabled, the full rebuild, regression run, and PR workflow will activate the moment a fix version becomes available.

Affected packages
  • MOSK Information Technologies Ltd. / CBS Platform
    ≤ 09062026
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H