CVE-2025-15088 | ketr JEPaaS up to 7.2.8 loadPostil postilService.loadPostils keyWord sql injection

December 25, 2025 Yanac

A vulnerability was found in ketr JEPaaS up to 7.2.8. It has been rated as critical. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing manipulation of the argument keyWord results in sql injection.

This vulnerability is known as CVE-2025-15088. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More