External risk intelligence

Authenticated users can access other people's data in STER

CVE advisory

Severity: HIGH (CVSS 8.7)

CVE-2026-25606

An internal attacker who already holds a legitimate STER account can inject SQL through the application's search filters, bypassing the per-user data restrictions and retrieving private information belonging to other users. For the business this means that a single malicious or compromised account can expose sensitive organizational and customer data at scale.

Halo Surface Signal: 2

SQL Injection

External exposure likelihood

Halo Surface Signal score for CVE-2026-25606

Exploitation requires an authenticated user who already has legitimate access to the application and can submit search filters. The vulnerable component is not an internet-facing edge service by design, so exploitation takes place inside an authenticated session rather than through direct public-internet exposure.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in STER allows an authenticated user to inject malicious SQL commands through search filters. This could enable them to access or manipulate sensitive data that the application can reach.

  • Sensitive data exposure is possible.
  • Authenticated attackers can view other users' data.

Attack Path

How an attacker could exploit the issue

An attacker with valid credentials exploits this SQL injection flaw by placing SQL syntax in a search-filter value. Because the filter value is not neutralized before it reaches the query (CWE-89), the injected SQL changes the query's logic, letting the attacker bypass the intended per-user data restrictions and access or modify sensitive information that the application's database account can reach.

  • Authenticated user needed.
  • Abuses search filters.
  • Reads/writes other user data.
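To make the flaw class concrete, here is an added example written for this page in Python with SQLite. It is not STER's code: the schema, table names, payload strings and the `search_vulnerable` / `search_fixed` functions are assumptions. It covers both the summary above and this attack path: a search filter that is scoped to the calling user but assembled by string formatting, two filter values that collapse that scope or pull in a second table, and the parameterized rewrite that neutralizes both.

```python
import sqlite3

# Constructed sample data for two users; the schema and table names are
# assumptions made for this example, not STER's.
DOCUMENTS = [
    (1, "alice", "Q3 revenue forecast"),
    (1, "alice", "Alice performance review"),
    (2, "bob", "Customer list - EMEA"),
    (2, "bob", "Bob salary history"),
]
# Constructed placeholder hashes; not real credentials.
CREDENTIALS = [
    ("alice", "pbkdf2-placeholder-1"),
    ("bob", "pbkdf2-placeholder-2"),
]


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (owner_id INTEGER, owner TEXT, title TEXT)")
    conn.execute("CREATE TABLE credentials (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", DOCUMENTS)
    conn.executemany("INSERT INTO credentials VALUES (?, ?)", CREDENTIALS)
    return conn


def search_vulnerable(conn, user_id, title_filter):
    """Hypothetical search filter built by string formatting (CWE-89).

    owner_id comes from the session and is an int, so the only injection
    point is title_filter, the value the caller types into the search box.
    """
    sql = (
        "SELECT owner, title FROM documents "
        f"WHERE owner_id = {int(user_id)} "
        f"AND title LIKE '%{title_filter}%'"
    )
    return conn.execute(sql).fetchall()


def search_fixed(conn, user_id, title_filter):
    """Same query with bound parameters: the filter is data, never SQL."""
    sql = "SELECT owner, title FROM documents WHERE owner_id = ? AND title LIKE ?"
    return conn.execute(sql, (user_id, f"%{title_filter}%")).fetchall()


# Payload 1 closes the LIKE literal, ORs in a tautology and comments out the
# template's trailing quote. AND binds tighter than OR, so the WHERE clause
# becomes (owner_id = 1 AND title LIKE '%') OR '1'='1': every row matches.
TAUTOLOGY = "' OR '1'='1' --"
# Payload 2 appends a UNION over a different table with the same column
# count: data the application's database account can reach but the user
# should never see.
UNION = "' UNION SELECT username, password_hash FROM credentials --"


def demo():
    conn = setup_db()
    alice = 1
    normal = search_vulnerable(conn, alice, "revenue")
    leaked = search_vulnerable(conn, alice, TAUTOLOGY)
    creds = search_vulnerable(conn, alice, UNION)
    safe_tautology = search_fixed(conn, alice, TAUTOLOGY)
    safe_union = search_fixed(conn, alice, UNION)
    return {
        "normal_owners": sorted({owner for owner, _ in normal}),
        "leaked_owners": sorted({owner for owner, _ in leaked}),
        "leaked_rows": len(leaked),
        # Rows that came from the credentials table via the UNION payload.
        "credential_rows": sorted(row for row in creds if row[1].startswith("pbkdf2")),
        # The parameterized version treats both payloads as literal text.
        "fixed_rows": len(safe_tautology) + len(safe_union),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script it prints that the tautology payload returns all four documents from both users and the UNION payload returns the credentials rows, while the parameterized query returns nothing for either payload. The fix is the same regardless of database engine: the filter value is bound as a parameter so the driver never lets it alter query structure.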

Live Threat

Current exploitation, exposure, and threat context

The potential to read other users' data makes this SQL injection attractive, but the authentication requirement limits opportunistic mass exploitation. A fixed version is available and the CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, so the immediate threat is assessed as low.

  • Exploitation requires authentication.
  • Patch is available.
  • No KEV listing.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Upgrade STER to version 9.5 or later first; that removes the flaw rather than masking it. Until the upgrade is deployed, block requests whose search-filter values carry SQL syntax at the WAF or application gateway, and review application and database logs for unusual query patterns or for authenticated users retrieving data outside their own scope. If exploitation is detected, isolate the affected instances until they are patched and treat the data reachable by the application's database account as potentially exposed.

  • Block search-filter requests carrying SQL syntax as a stopgap.
  • Update STER to version 9.5 or later.
  • Monitor for authenticated users accessing data outside their own scope.
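As an added example that is not from the page or from STER, the following Python scans constructed access-log lines for the search-filter patterns the remediation text refers to. The key=value log format, the field names and the `/api/search` endpoint are assumptions; a real deployment would adapt the line parser to STER's actual log layout. Two details matter in practice: filter values are URL-decoded before matching, and a bare apostrophe is deliberately not a rule, because names like O'Brien are legitimate search terms.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines in a hypothetical key=value format.
# Timestamps, users and values are made up for this example.
SAMPLE_LOG = """\
2026-03-01T10:15:02Z user=alice path=/api/search q=revenue status=200 rows=1
2026-03-01T10:15:09Z user=bob path=/api/search q=customer+list status=200 rows=1
2026-03-01T10:16:41Z user=mallory path=/api/search q=%27+OR+%271%27%3D%271%27+-- status=200 rows=4
2026-03-01T10:17:03Z user=mallory path=/api/search q=%27+UNION+SELECT+username%2C+password_hash+FROM+credentials+-- status=200 rows=6
2026-03-01T10:17:30Z user=mallory path=/api/search q=%27%3B+DROP+TABLE+documents%3B+-- status=500 rows=0
2026-03-01T10:18:11Z user=carol path=/api/search q=O%27Brien status=200 rows=1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) path=(?P<path>\S+) "
    r"q=(?P<q>\S*) status=(?P<status>\d+) rows=(?P<rows>\d+)$"
)

# Ordered (name, pattern) pairs applied to the URL-decoded filter value.
# Each rule requires SQL structure around the quote, not the quote alone,
# so a legitimate apostrophe in a search term does not fire.
RULES = [
    ("tautology", re.compile(r"(?i)'\s*or\s+'?\w*'?\s*=\s*'?\w*'?")),
    ("union_select", re.compile(r"(?i)\bunion\b(\s+all)?\s+select\b")),
    ("stacked_query", re.compile(r"(?i);\s*(drop|delete|update|insert|alter)\b")),
    ("comment_truncation", re.compile(r"--\s*$|/\*")),
]


def classify_filter(raw_value):
    """Return the names of the rules a URL-encoded filter value triggers."""
    decoded = unquote_plus(raw_value)
    return [name for name, rx in RULES if rx.search(decoded)]


def scan(log_text):
    """Parse each log line and emit an alert for every flagged filter value."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        hits = classify_filter(m["q"])
        if hits:
            alerts.append({
                "ts": m["ts"],
                "user": m["user"],
                "rules": hits,
                "status": int(m["status"]),
                "rows": int(m["rows"]),
            })
    return alerts


def suspects(alerts):
    """Accounts to triage first, ranked by number of flagged requests."""
    counts = {}
    for alert in alerts:
        counts[alert["user"]] = counts.get(alert["user"], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for alert in found:
        print(f"{alert['ts']} {alert['user']} rules={alert['rules']} rows={alert['rows']}")
    print("triage order:", suspects(found))
```

On the sample input the three requests from mallory are flagged (tautology, UNION SELECT and a stacked DROP), while carol's search for O'Brien is not. Because the attacker here is an authenticated account, the alert's user field is the pivot for the rest of the investigation: which data that account touched and whether the credentials behind it are compromised.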

Frequently asked questions

What is STER and what is it used for?

STER is a software application. It is used for managing and accessing data, and its search filters are a key feature for users to find specific information.

How does CVE-2026-25606 affect STER?

CVE-2026-25606 is a SQL injection vulnerability. This weakness, categorized as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), means that specially crafted input in STER's search filters can be used to execute unintended SQL commands against the application's database.

What are the conditions needed to exploit this vulnerability?

To exploit this vulnerability, an attacker must already have authenticated access to the STER application. The vulnerability is triggered by providing malicious input through the application's search filters.

Who should be concerned about this threat according to Halo Surface Signal?

Organizations using STER should be concerned. Halo Surface Signal indicates this vulnerability is unlikely to be exploited from the internet, as it requires authenticated, internal access to the application, rather than being an internet-facing service.

What is the first step to address this vulnerability?

The first practical step is to update STER to version 9.5 or later, as this version includes a fix for the vulnerability. Reviewing application logs for unusual query patterns or unauthorized data access is also recommended.
