External risk intelligence

Dolusoft Omaspot SQL Injection Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2025-7744

A SQL injection vulnerability in Dolusoft Omaspot allows attackers to execute arbitrary SQL commands by sending crafted data. This could potentially lead to unauthorized access, modification, or deletion of sensitive information stored in the application's database. It is important to determine if this software is in u

4Halo Surface Signal

SQL Injection

Dolusoft Omaspot

before 12.09.2025

External exposure likelihood

Halo Surface Signal score for CVE-2025-7744

Omaspot is a web-based application. Web applications are commonly deployed as internet-facing services to facilitate remote access or public-facing functionality, making the SQL injection vulnerability reachable from the internet in typical deployment scenarios.

PCI scan relevance

PCI Relevance for CVE-2025-7744

Yes

CVE-2025-7744 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This SQL injection vulnerability in Dolusoft Omaspot allows unauthenticated remote attackers to execute arbitrary SQL commands, which is a class of vulnerability that would cause a PCI ASV scan to fail.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

This advisory highlights a critical SQL injection vulnerability discovered in Dolusoft Omaspot software. This type of flaw allows unauthorized access and manipulation of the application's database, potentially leading to significant data compromise. Given its network-exploitable nature and critical severity, understanding its presence within your environment is important for risk assessment.

  • Database commands can be manipulated.
  • Critical flaws can expose sensitive data.
  • Confirm if this software is in use.

Attack Path

How an attacker could exploit the issue

An attacker could target an internet-facing Omaspot application by sending specially crafted data to it. This malicious input would interact with the application's backend, leading to the execution of unintended SQL commands. This could potentially allow the attacker to access, modify, or delete sensitive information stored in the application's database.

  • No authentication needed for entry.
  • User input to the application triggers it.
  • Database compromise is the main risk.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in Dolusoft Omaspot could allow an attacker to inject malicious SQL commands. When supported by the advisory, this could lead to unauthorized access, modification, or deletion of sensitive data within the application's database.

  • Database integrity and confidentiality.
  • Malicious SQL commands over network.
  • Unauthorized data access and modification.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The initial action is to identify all instances of Dolusoft Omaspot, determine their reachability and criticality, and confirm the accountable owner before planning remediation. This ownership is likely shared between application owners and infrastructure teams, with potential involvement from network and security teams for exposure analysis and vendor management if a managed service is in place.

  • Ownership: Application and infrastructure teams.
  • Verify first: Confirm Omaspot presence and exposure.
  • Action: Plan remediation with vendor coordination.

Frequently asked questions

What is Dolusoft Omaspot and what is it used for?

Dolusoft Omaspot is a software application. Its specific use case is not detailed in the provided context, but it interacts with a database.

What is CVE-2025-7744 and what kind of weakness is it?

CVE-2025-7744 is a vulnerability in Dolusoft Omaspot that falls under the weakness class of SQL Injection (CWE-89). This means an attacker can interfere with queries that an application makes to its database.

How can an attacker exploit this SQL Injection vulnerability?

An attacker can exploit this vulnerability by sending specially crafted data to the Omaspot application. This malicious input is designed to execute unintended SQL commands on the application's database, potentially allowing unauthorized access or manipulation of data.

Who should be concerned about this vulnerability?

Organizations running Dolusoft Omaspot should be concerned. The Halo Surface Signal indicates this vulnerability is likely reachable from the internet, meaning external attackers could potentially exploit it.

What is the first step to address this CVE in my environment?

The first step is to identify all instances of Dolusoft Omaspot within your organization. You should also determine how accessible these instances are and confirm who is responsible for them before planning any fixes.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified