{"id":51232,"date":"2025-06-13T08:42:32","date_gmt":"2025-06-13T08:42:32","guid":{"rendered":""},"modified":"2025-09-07T11:38:27","modified_gmt":"2025-09-07T17:38:27","slug":"cve-2025-28986-csrf-vulnerability-in-webaholicson-epicwin-plugin-allowing-sql-injection","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-28986-csrf-vulnerability-in-webaholicson-epicwin-plugin-allowing-sql-injection\/","title":{"rendered":"CVE-2025-28986: CSRF Vulnerability in Webaholicson Epicwin Plugin Allowing SQL Injection<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-28986 is a critical Cross-Site Request Forgery (CSRF) vulnerability found in the Webaholicson Epicwin Plugin that can lead to SQL Injection attacks. This vulnerability is of particular concern to individuals and organizations utilizing the Epicwin Plugin version 1.5 and earlier. A successful exploit of this vulnerability could potentially compromise the entire system or lead<\/a> to significant data leakage.
\nGiven its high Common Vulnerability Scoring System<\/a> (CVSS) score of 8.2, it is essential to address this vulnerability promptly. A successful attack could have severe consequences, including system compromise and potential data<\/a> leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-28986
\nSeverity: High (8.2 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System compromise and potential<\/a> data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n