
CVE-2024-25320: Tongda OA SQL injection via $AFF_ID in /affair/delete.php

Severity: Critical
Published: Fri Feb 16 2024 (02/16/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/28/2026, 09:42:19 UTC

Technical Analysis

CVE-2024-25320 is a SQL injection vulnerability in Tongda OA, an office automation suite used predominantly in China and some other Asian markets, often by government bodies and enterprises, and it affects releases from v2017 through v11.9. The flaw sits in /affair/delete.php, where the value held in `$AFF_ID` (PHP variable notation; in practice the `AFF_ID` request parameter) is placed into a SQL statement without validation or parameterization. Since the script's job is to delete affair records, the most likely sink is a DELETE statement, so the first-order effect is that whoever can reach the script can widen the WHERE clause (a tautology followed by a comment sequence is enough) and remove records that are not theirs; error-based or time-based extraction of other data is also possible with an injection of this type, bounded by the privileges of the application's database account. The CVE description does not state whether the script checks for a logged-in session before running the query, so whether exploitation needs any session at all should be verified against a deployed instance rather than assumed. The CVSS 3.1 base score of 9.8 cited in this analysis corresponds to the network-reachable, low-complexity, unauthenticated case with full impact on confidentiality, integrity and availability. No public exploit had been reported at the time of this analysis and no vendor patch was available at disclosure, so affected organizations have to mitigate the endpoint directly.
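The mechanism described above, as an added example that is not Tongda OA's code (the page reproduces no source): a constructed SQLite table stands in for the affair records, the table and column names (`affair`, `AFF_ID`, `USER_ID`, `SUBJECT`) and the ownership predicate are assumptions, and the vulnerable delete is shown beside a hardened one that validates `AFF_ID` as an integer and binds it as a parameter.

```python
import re
import sqlite3

# Added example, not Tongda OA code. The schema below is a constructed stand-in
# for the affair records that /affair/delete.php removes; the page names only
# the $AFF_ID parameter and the script, not the table. SQLite is used so the
# example runs offline; the injection shape is the same in MySQL, which needs
# a space after the "--" comment marker (included in the payload below).

AFF_ID_RE = re.compile(r"[0-9]{1,10}")  # an affair identifier is a plain integer


def make_db():
    """Constructed sample data: two records owned by user 100, one by user 200."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE affair (AFF_ID INTEGER PRIMARY KEY, USER_ID INTEGER, SUBJECT TEXT)"
    )
    conn.executemany(
        "INSERT INTO affair VALUES (?, ?, ?)",
        [(1, 100, "budget review"), (2, 100, "travel claim"), (3, 200, "audit")],
    )
    conn.commit()
    return conn


def delete_vulnerable(conn, aff_id, user_id):
    """Flaw class named by the CVE: the request value is pasted into the
    statement text, so the caller controls the rest of the WHERE clause."""
    sql = f"DELETE FROM affair WHERE AFF_ID={aff_id} AND USER_ID={user_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # rows actually deleted


def is_valid_aff_id(value):
    """Allow-list check: only a short run of ASCII digits is accepted.
    fullmatch is used so a trailing newline or ' OR 1=1' cannot slip through."""
    return isinstance(value, str) and AFF_ID_RE.fullmatch(value) is not None


def delete_hardened(conn, aff_id, user_id):
    """Same operation with the input validated and the statement parameterized.
    The ownership predicate (USER_ID) can no longer be commented out."""
    if not is_valid_aff_id(aff_id):
        raise ValueError("AFF_ID must be a decimal integer")
    cur = conn.execute(
        "DELETE FROM affair WHERE AFF_ID=? AND USER_ID=?", (int(aff_id), user_id)
    )
    conn.commit()
    return cur.rowcount


def remaining(conn):
    """Number of affair records still present."""
    return conn.execute("SELECT COUNT(*) FROM affair").fetchone()[0]


if __name__ == "__main__":
    # A tautology widens the match and "-- " comments out the ownership
    # predicate, so user 100 deletes every record, including user 200's.
    payload = "1 OR 1=1 -- "
    db = make_db()
    print("vulnerable:", delete_vulnerable(db, payload, 100), "rows deleted,",
          remaining(db), "left")
    db = make_db()
    try:
        delete_hardened(db, payload, 100)
    except ValueError as exc:
        print("hardened:", exc, "-", remaining(db), "rows left")
    print("hardened, legitimate request:", delete_hardened(db, "1", 100), "row deleted")
```

The vulnerable statement that actually runs for the payload is `DELETE FROM affair WHERE AFF_ID=1 OR 1=1 -- AND USER_ID=100`; everything after `--` is a comment, which is why the ownership check disappears. Casting to an integer alone would also close this particular hole, but the parameterized form is the one to keep, because it stays correct if the column ever becomes a string.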

Potential Impact

Successful exploitation gives an attacker control over SQL executed under the application's database account. Records in the affected table, and, depending on that account's privileges and the injection technique, data in other tables, can be deleted, altered or read. For an office automation system holding workflow, document and personnel data, that means data breaches, loss or corruption of business records and disruption of operations; credentials or configuration retrieved from the database can also become a stepping stone to further access inside the network. Exposure is widest where the script is reachable from the internet and does not require a session. Organizations that run Tongda OA for document management and workflow automation, chiefly government agencies, educational institutions and enterprises in China and neighboring countries, should treat this as a priority. The absence of a public exploit at the time of writing leaves a remediation window, but an injection in a known script and a named parameter is quick to weaponize, so that window should be assumed to be short.

Mitigation Recommendations

Until an official patch is released, organizations should:

1) Put a web application firewall in front of the application with a rule that rejects any request to /affair/delete.php whose AFF_ID value is not a plain decimal integer. Allow-listing the expected format is more robust than block-listing SQL keywords, which attackers routinely encode or split.
2) Where the PHP source can be changed locally, validate AFF_ID against an integer pattern (or cast it to an integer) before it reaches the query and prefer a parameterized statement; record the local change so a later vendor update does not silently revert it.
3) Restrict access to /affair/delete.php, or to the whole application if it does not need to be internet-facing, with an IP allow-list, VPN or network segmentation.
4) Monitor web server and database logs for requests to /affair/delete.php whose AFF_ID value contains quotes, comment sequences (`--`, `#`, `/*`), SQL keywords or their URL-encoded forms, and for database errors or unexpectedly large DELETE row counts around such requests.
5) Include this endpoint and parameter in security assessments and penetration tests of Tongda OA deployments; the same review can cover other scripts that take record identifiers from request parameters.
6) Be ready to deploy the vendor fix as soon as it is published, and keep an incident response plan prepared for the case where exploitation is found.
7) Brief administrators on what injection attempts look like in logs so that they are recognized and escalated quickly.
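Items 1 and 4 above in working form, as an added example that is neither Tongda OA code nor any WAF product's rule syntax: a scanner for combined-format web server access logs that picks out requests to /affair/delete.php, applies the integer allow-list to AFF_ID and labels the injection technique when the check fails. The log lines are constructed for the example and are not real traffic; the single other path in them is a placeholder.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Added example, not part of Tongda OA or of any WAF product. It scans
# access logs for requests to /affair/delete.php whose AFF_ID value is
# anything other than a plain integer and names the technique it sees.

TARGET_PATH = "/affair/delete.php"
PARAM = "AFF_ID"
SAFE_ID = re.compile(r"[0-9]{1,10}")

# Combined log format (Apache/Nginx default).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Checked only after the allow-list has failed: the failure is the alert,
# these just label the technique for the analyst.
INJECTION_HINTS = [
    ("comment", re.compile(r"--|#|/\*")),
    ("tautology", re.compile(r"\bor\b\s+[\w']+\s*=\s*[\w']+", re.I)),
    ("time-based", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
    ("union", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("quote", re.compile(r"'")),
]

# Constructed sample traffic; not taken from any real system.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Feb/2024:10:01:02 +0000] "GET /affair/delete.php?AFF_ID=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [16/Feb/2024:10:01:07 +0000] "GET /affair/delete.php?AFF_ID=42%20OR%201%3D1--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.7"
10.0.0.9 - - [16/Feb/2024:10:01:09 +0000] "GET /affair/delete.php?AFF_ID=42%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 500 128 "-" "sqlmap/1.7"
10.0.0.7 - - [16/Feb/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [16/Feb/2024:10:02:30 +0000] "POST /affair/delete.php HTTP/1.1" 200 512 "-" "curl/8.0"
"""


def classify_aff_id(value):
    """Return ("clean", []) for a plain integer, else ("suspicious", hints)."""
    if SAFE_ID.fullmatch(value):
        return "clean", []
    hits = [name for name, pat in INJECTION_HINTS if pat.search(value)]
    return "suspicious", hits or ["non-numeric"]


def scan_log(text):
    """One finding per request to the vulnerable script, in log order."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != TARGET_PATH:
            continue
        base = {"ip": m["ip"], "time": m["ts"], "status": m["status"], "ua": m["ua"]}
        if m["method"] == "POST":
            # Form bodies are not written to the access log: a POST to this
            # script can only be judged at the WAF or from application logging.
            findings.append({**base, "value": None,
                             "verdict": "needs-body-inspection", "hits": []})
            continue
        # parse_qs percent-decodes once, as PHP does for $_GET; a double-encoded
        # value stays encoded at the application and fails the integer check too.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            verdict, hits = classify_aff_id(value)
            findings.append({**base, "value": value, "verdict": verdict, "hits": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["time"], f["ip"], f["verdict"], f["hits"], repr(f["value"]), f["status"])
```

Two details matter in practice: the POST branch, because the access log cannot show a body-borne AFF_ID and a WAF or application-level log is the only place that traffic can be judged, and the pairing of a suspicious value with a 500 status, which is the signature of an error-based probe and worth alerting on at a higher priority than a clean 200.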


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2024-02-07T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699f6d65b7ef31ef0b571c99

Added to database: 2/25/2026, 9:45:09 PM

Last enriched: 2/28/2026, 9:42:19 AM

Last updated: 4/12/2026, 5:07:39 PM
