CVE advisoryCRITICAL
CVE-2025-6918
Ncvav Virtual PBX Software SQL Injection Vulnerability.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A SQL injection vulnerability in Virtual PBX Software allows attackers to interfere with SQL commands, potentially leading to unauthorized access or modification of sensitive data. This issue affects the software before July 9, 2025, and requires confirmation of its use and potential exposure.