{"dataType": "CVE_RECORD", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2025-70420", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-06-10T19:49:26.352Z", "dateRejected": "2026-06-10T00:00:00.000Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-21T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-06-10T19:49:26.352Z"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2025-70420", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-06-10T19:49:26.352Z", "dateRejected": "2026-06-10T00:00:00.000Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-21T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-06-10T19:49:26.352Z"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}], "id": "CVE-2025-70420", "lastModified": "2026-06-10T20:16:26.897", "metrics": {}, "published": "2026-04-21T21:16:22.900", "references": [], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Rejected"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "25.1.0.420"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "latitude", "vendor": "genesys"}], "analysis": {"en": {"generated_at": "2026-04-27T19:54:22.237172+00:00", "value": {"mitigation_remediation": ["Update Genesys Latitude to a patched version that removes the vulnerable code path", "Apply input validation and use parameterized queries to eliminate unsanitized string concatenation", "Limit the database credentials used by Genesys to only the permissions required for its normal operation", "Ensure network segmentation keeps the database isolated from unauthorized network zones"], "summary": {"action": "Patch Immediately", "impact": "SQL Injection enabling unauthorized database access and potential data modification"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Genesys Latitude product, specifically released as version 25.1.0.420. No other vendors or product variants are identified in the current data set.", "description_and_impact": "A SQL injection flaw exists in Genesys Latitude version 25.1.0.420 where unsanitized user\u2011supplied input is concatenated directly into SQL statements. An attacker who can authenticate to the application can craft input that is executed by the backend database, allowing the execution of arbitrary SQL queries. This can lead to unauthorized data exfiltration, tampering, or deletion, compromising both confidentiality and integrity of the stored information.", "risk_and_exploitability": "The CVSS score of 8.8 denotes a high severity risk, and the EPSS score of less than 1% indicates that exploitation is currently unlikely but possible. The vulnerability is exploitable by authenticated users, and because it allows arbitrary SQL execution, the potential impact is significant. The attack is likely carried out through the application's authenticated interface, requiring valid credentials with sufficient privilege to submit queries to the database. The KEV listing is not present, suggesting that widespread exploitation has not yet been observed, but the high severity of the flaw warrants immediate attention."}}}}, "created": "2026-04-22T03:30:06.689302+00:00", "updated": "2026-04-27T20:00:05.659330+00:00", "vendors": ["genesys", "genesys$PRODUCT$latitude"]}