CVE-2025-55065
Published: 01 January 2026
Summary
CVE-2025-55065 is a high-severity SQL Injection (CWE-89) vulnerability in Gov (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-55065 is a SQL injection vulnerability stemming from CWE-89, involving improper neutralization of special elements used in an SQL command. It was published on 2026-01-01T19:15:53.367 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The specific software or component affected is not detailed in the available information.
The vulnerability enables exploitation over a network by an unauthenticated attacker with low complexity and no user interaction required. Successful exploitation results in high-impact confidentiality loss, allowing unauthorized access to sensitive data, while integrity and availability remain unaffected.
Advisories are available via the reference at https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0, which may provide further details on mitigations or patches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-0005
Vulnerability details
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection (CWE-89) with network vector (AV:N) directly enables remote exploitation of a public-facing application for unauthorized data access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates SQL injection (CWE-89) by requiring validation of user inputs to neutralize special elements used in SQL commands.
Addresses the specific SQL injection flaw in CVE-2025-55065 through identification, reporting, and correction to prevent unauthorized data access.
Enables system monitoring to detect SQL injection attacks or indicators, such as anomalous database queries leading to confidentiality breaches.