CVE-2025-8587

8.6 HIGH

📋 TL;DR

This SQL injection vulnerability in AKCE Software's SKSPro allows attackers to execute arbitrary SQL commands on the database. All SKSPro installations through version 07012026 are affected, potentially compromising sensitive data and system integrity.

💻 Affected Systems

Products:
  • AKCE Software Technology R&D Industry and Trade Inc. SKSPro
Versions: through 07012026
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution on the database server.

🟠 Likely Case

Unauthorized data access and extraction of sensitive information from the database, potentially including user credentials and business data.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries in place, though the underlying vulnerability remains until a vendor patch is applied.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with basic knowledge of SQL and web application testing tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-26-0011

Restart Required: No

Instructions:

1. Monitor the vendor website for security updates.
2. Apply the patch when available.
3. Test in a non-production environment first.

🔧 Temporary Workarounds

Web Application Firewall (WAF) [all]

Deploy a WAF with SQL injection rules to block malicious requests.

Database Access Restrictions [all]

Limit database user permissions to the minimum required.

🧯 If You Can't Patch

  • Isolate SKSPro system from internet and restrict network access
  • Implement strict input validation and parameterized queries in application code

🔍 How to Verify

Check if Vulnerable:

Check SKSPro version number in application interface or configuration files

Check Version:

Check application interface or consult vendor documentation

Verify Fix Applied:

Verify version is newer than 07012026 and test with SQL injection payloads in non-production environment

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts with SQL syntax
  • Long or malformed query strings in access logs

Network Indicators:

  • SQL keywords in HTTP requests (SELECT, UNION, INSERT, etc.)
  • Unusual database connection patterns
  • High volume of requests to database endpoints

SIEM Query:

source="web_logs" AND ("SELECT" OR "UNION" OR "INSERT" OR "DELETE" OR "UPDATE") AND status="200"
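The keyword-only query above is a reasonable first pass, but on raw access logs it matches any path or parameter that happens to contain the word SELECT, and the status="200" filter drops failed attempts that surface as 500s (the "unusual SQL error messages" indicator above). The following added example, not part of the advisory or any SIEM vendor's content, shows the same idea tightened up: it parses constructed combined-format log lines, URL-decodes the query string, and flags only SQL-shaped fragments (UNION SELECT, a quote followed by a boolean operator, DML keywords with their clauses, trailing comment markers) while keeping the status code in the result for triage. The hosts, paths, parameters and pattern set are assumptions made for the example.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines in Apache/Nginx "combined" style. The hosts,
# paths and parameters are invented for this example; they are not SKSPro's.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jan/2026:10:00:01 +0000] "GET /app/login?user=alice HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jan/2026:10:00:05 +0000] "GET /app/search?q=alice%27%20UNION%20SELECT%201%2C2-- HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jan/2026:10:01:00 +0000] "GET /docs/select-a-plan.html HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jan/2026:10:01:10 +0000] "GET /app/report?id=1%27+OR+%271%27%3D%271 HTTP/1.1" 500 110 "-" "curl/8.0"
192.0.2.9 - - [12/Jan/2026:10:02:00 +0000] "POST /app/update HTTP/1.1" 200 44 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# SQL-shaped fragments rather than bare keywords, to keep "select-a-plan" quiet.
SQLI_PATTERNS = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "quoted_boolean": re.compile(r"'\s*(or|and)\s+\S", re.I),
    "dml_with_clause": re.compile(r"\b(select|insert|update|delete|drop)\b.+\b(from|into|set|table|where)\b", re.I),
    "trailing_comment": re.compile(r"(--|#)\s*$"),
}

def decode_query(target):
    """Return the URL-decoded query string of a request target ('' if none)."""
    return unquote_plus(urlsplit(target).query)

def classify(decoded):
    """Names of the SQLi patterns that match a decoded query string."""
    return [name for name, rx in SQLI_PATTERNS.items() if rx.search(decoded)]

def find_sqli_candidates(log_text):
    """Parse combined-format lines and return the requests whose query string looks like SQL."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production version would count these
        decoded = decode_query(m["target"])
        matched = classify(decoded)
        if matched:
            hits.append({"ip": m["ip"], "status": int(m["status"]),
                         "query": decoded, "patterns": matched})
    return hits

if __name__ == "__main__":
    for hit in find_sqli_candidates(SAMPLE_LOG):
        print(hit)
```

Of the five constructed lines only two are reported: the UNION SELECT probe (status 200) and the quoted tautology that produced a 500. The documentation path containing "select" is not flagged, and POST bodies are not covered at all because a standard access log does not record them; for those, WAF or application-layer logging is the data source to query.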
