CVE-2025-1023 is a critical severity vulnerability with a CVSS score of 9.8. Active exploits exist with no official patch available - immediate mitigation is required.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.
EPSS: Lower probability of exploitation.
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper sanitization, allowing an attacker to manipulate database queries and execute arbitrary commands, potentially leading to data exfiltration, modification, or deletion.
| Vendor | Product |
|---|---|
| ChurchCRM | ChurchCRM |
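With no patch available, one interim check is to triage logged requests for misuse of the `newCountName` parameter described above. The following is an added example, not code from this page or from ChurchCRM; the `/EditEventTypes` path, the `(path, body)` record shape and the sample bodies are constructed, and it assumes form bodies are captured (for example by a WAF or reverse proxy).

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Time-delay primitives typical of time-based blind SQL injection.
DELAY_RE = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
# Tokens with no place in a count name: quotes, statement separators, comment markers.
META_RE = re.compile(r"['\"`;]|--|/\*|#")

# Constructed sample records: (request path, URL-encoded form body).
SAMPLE = [
    ("/EditEventTypes", "newCountName=Adults"),
    ("/EditEventTypes", "newCountName=x%27+AND+SLEEP%285%29--+-"),
    ("/EditEventTypes", "newCountName=x%2527%2BAND%2BSLEEP%25285%2529"),  # double-encoded
    ("/OtherPage", "newCountName=x%27+OR+SLEEP%281%29"),  # different endpoint, out of scope
]

def inspect_request(path, body):
    """Return sorted reasons why newCountName looks like SQL injection; [] if clean."""
    if "editeventtypes" not in path.lower():
        return []
    reasons = set()
    # parse_qs URL-decodes once; blank values are kept so empty submissions are seen.
    for value in parse_qs(body, keep_blank_values=True).get("newCountName", []):
        # Also test a second decoding pass to catch double-encoded payloads.
        for candidate in (value, unquote_plus(value)):
            if DELAY_RE.search(candidate):
                reasons.add("time-delay function")
            if META_RE.search(candidate):
                reasons.add("SQL metacharacter")
    return sorted(reasons)

def scan(records):
    """Return (index, reasons) for every record that was flagged."""
    return [(i, r) for i, (p, b) in enumerate(records) if (r := inspect_request(p, b))]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE):
        print(index, SAMPLE[index][0], reasons)
```

A time-delay function in this field is the high-confidence signal; a lone metacharacter can also come from a legitimate name containing an apostrophe and needs review before blocking.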