Cyber Posture

CVE-2025-57792

Critical

Published: 28 January 2026

Modified: 05 February 2026
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0012 (30.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-57792 is a critical-severity SQL Injection (CWE-89) vulnerability in Explorance Blue. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 30.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires validation of user-supplied inputs at web application endpoints to prevent SQL injection vulnerabilities like CVE-2025-57792.

prevent

Mandates timely flaw remediation, such as patching Explorance Blue to version 8.14.9 or later to eliminate this specific SQL injection vulnerability.

prevent

Boundary protection at web interfaces can deploy web application firewalls to block crafted SQL injection inputs targeting unauthenticated endpoints.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

SQL injection in a public-facing web application endpoint directly enables exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk.

Deeper analysis

CVE-2025-57792 is a SQL injection vulnerability (CWE-89) affecting Explorance Blue versions prior to 8.14.9. The issue arises from insufficient validation of user input in a web application endpoint, enabling attackers to supply crafted input that is executed as part of backend database queries.

The vulnerability is exploitable without authentication by remote attackers over the network with low attack complexity and no user interaction required, as reflected in its CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Exploitation allows attackers to execute arbitrary SQL queries, potentially leading to high impacts on confidentiality, integrity, and availability of the affected system.

Mitigation guidance is provided in Explorance security advisories, including those published in January 2026 at online-help.explorance.com/blue/articles/security-advisories-(january-2026) and the specific advisory for CVE-2025-57792 at online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57792. Additional details are available in Mandiant's disclosure at github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0001.md and on the Explorance Blue product page at www.explorance.com/products/blue.

Details

CWE(s)

Affected Products

explorance blue ≤ 8.14.9

CVEs Like This One

CVE-2025-57793 (Same product: Explorance Blue)
CVE-2025-57795 (Same product: Explorance Blue)
CVE-2025-57794 (Same product: Explorance Blue)
CVE-2025-69213 (Shared CWE-89)
CVE-2025-52577 (Shared CWE-89)
CVE-2026-41490 (Shared CWE-89)
CVE-2026-35168 (Shared CWE-89)
CVE-2025-22350 (Shared CWE-89)
CVE-2025-68865 (Shared CWE-89)
CVE-2020-36999 (Shared CWE-89)
