CVE-2025-70420

Description

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements.

References

• http://genesys.com
• https://okunsec.com/research/cve-2025-70420