
CVE-2025-10087: SQL Injection in SourceCodester Pet Grooming Management Software

Severity: Medium
Tags: Vulnerability, CVE-2025-10087
Published: Mon Sep 08 2025 (09/08/2025, 06:32:05 UTC)
Source: CVE Database V5
Vendor/Project: SourceCodester
Product: Pet Grooming Management Software

Description

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Manipulation of the argument product_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

AI-Powered Analysis

Last updated: 09/08/2025, 07:02:11 UTC

Technical Analysis

CVE-2025-10087 is a medium-severity SQL injection vulnerability in SourceCodester Pet Grooming Management Software version 1.0. The flaw is in /admin/profit_report.php, where the 'product_id' request parameter is incorporated into a database query without being validated or bound as a query parameter. A remote attacker who can reach the script can place SQL syntax in product_id and change the structure of the backend query, which can expose rows and tables the report was never meant to return, modify stored data, or disrupt database operations. Per the CVSS 4.0 vector, exploitation requires high privileges (PR:H), consistent with the script's location under /admin, which implies an authenticated administrative session; it needs no user interaction (UI:N) and has no additional attack requirements (AT:N). The confidentiality, integrity and availability impacts are each rated low, giving a base score of 5.1 (medium). A proof of concept has been published, but no exploitation in the wild has been reported. Only version 1.0 is listed as affected, and the vendor has not published a patch or mitigation guidance.
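The following is an added example, not code from SourceCodester or from this advisory. It models the defect class described above, a request parameter spliced into the text of a SQL statement, next to the parameterized form that removes it, and runs three inputs through both so the difference is observable. The table names, columns and query shape are assumptions; the page does not show the application's real query, only that product_id reaches it unsanitized.

```python
import sqlite3

# Added example (not the vendor's code). The schema and the query are assumed;
# the page only says that product_id in /admin/profit_report.php is injectable.


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE sales (id INTEGER PRIMARY KEY, product_id INTEGER, profit REAL);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO sales VALUES (1, 1, 10.0), (2, 1, 5.0), (3, 2, 20.0);
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash-value');
        """
    )
    return conn


def profit_report_vulnerable(conn: sqlite3.Connection, product_id: str) -> list:
    """The flawed pattern: product_id is interpolated into the statement text,
    so SQL syntax inside the value changes what the query does."""
    sql = f"SELECT product_id, profit FROM sales WHERE product_id = {product_id}"
    return conn.execute(sql).fetchall()


def profit_report_safe(conn: sqlite3.Connection, product_id: str) -> list:
    """Hardened form: validate the expected type first, then bind the value as a
    parameter so the database only ever compares it and never parses it as SQL."""
    if not product_id.isdigit():
        raise ValueError("product_id must be a positive integer")
    sql = "SELECT product_id, profit FROM sales WHERE product_id = ?"
    return conn.execute(sql, (int(product_id),)).fetchall()


def demo() -> dict:
    """Run the same inputs through both versions and collect what each returns."""
    conn = make_db()
    inputs = {
        "normal": "1",
        "boolean": "1 OR 1=1",                                         # returns every sale
        "union": "0 UNION SELECT username, password_hash FROM users",  # reads another table
    }
    out = {}
    for label, value in inputs.items():
        vuln = profit_report_vulnerable(conn, value)
        try:
            safe = profit_report_safe(conn, value)
        except ValueError as exc:
            safe = f"rejected: {exc}"
        out[label] = {"vulnerable": vuln, "safe": safe}
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The boolean payload turns the report into a dump of every sale, and the UNION payload pulls a row out of an unrelated table, which is the data-exposure path the analysis describes. The safe version rejects both before they reach the database, and even a value that slipped past the type check would be bound as data rather than executed.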

Potential Impact

For European organizations running SourceCodester Pet Grooming Management Software 1.0, this vulnerability creates a risk of unauthorized access to business data such as profit reports and product records, and potentially to any other table the application's database account can read. Although the severity is rated medium, exploitation could leak or alter data and so distort financial reporting and the decisions based on it. Because an administrative session is required, internal access controls reduce the exposure; however, an attacker who obtains administrative credentials by other means, or a malicious insider, could use this flaw to reach data the admin interface does not otherwise expose. Corruption of database contents could also affect availability and cause operational downtime. Organizations that depend on this software to run a pet grooming business may face reputational harm and regulatory obligations if customer or financial data is compromised.

Mitigation Recommendations

European organizations should first audit their deployments to determine whether SourceCodester Pet Grooming Management Software version 1.0 is in use. Because no official patch is available, apply the following compensating controls:

1) Restrict administrative access to trusted personnel, enforce strong authentication, and review admin accounts for shared or default credentials. Exploitation requires an administrative session (PR:H), so the admin login is the effective perimeter for this flaw.

2) Place the application behind a Web Application Firewall with a rule that only allows integer values for the product_id parameter of /admin/profit_report.php. A positive allow-list of the expected shape is harder to bypass than SQL-keyword signatures, which attackers routinely evade with encoding and comment tricks. Treat the WAF as a stopgap, not a fix.

3) If the source code is available, fix the module itself: validate product_id as an integer and pass it to the database through a prepared statement with a bound parameter instead of building the query string. While there, review other scripts that accept request parameters for the same pattern.

4) Monitor web server and database logs for requests to profit_report.php whose product_id is not a plain integer, and for query errors or unusually large result sets from that page. The public proof of concept makes opportunistic scanning likely.

5) Segment the network so that only the application host can reach the database, and run the application's database account with the minimum privileges required (read-only for reporting where possible); this bounds what an injected query can do even if the application-level controls fail.

6) Prepare to patch promptly once the vendor releases a fix, testing the update in a controlled environment before deployment.
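The following is an added example, not code from the advisory or the vendor, implementing the log monitoring in recommendation 4 and the integer allow-list that recommendation 2 asks the WAF to enforce. It parses combined-format access log lines, keeps only requests to /admin/profit_report.php, and flags any product_id that is not a plain integer, annotating each hit with the SQL tokens it contains so an analyst can triage quickly. The log lines are constructed for this example; the log format, the client addresses and the user agents are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Added example (not the advisory's or the vendor's code). The path and parameter
# come from the CVE text; the log format and the sample lines are constructed.

TARGET_PATH = "/admin/profit_report.php"
PARAM = "product_id"

# Constructed sample traffic in Apache/nginx combined log format.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Sep/2025:06:40:01 +0000] "GET /admin/profit_report.php?product_id=2 HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
203.0.113.10 - - [08/Sep/2025:06:40:09 +0000] "GET /admin/profit_report.php?product_id=2%20OR%201%3D1 HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
203.0.113.10 - - [08/Sep/2025:06:40:15 +0000] "GET /admin/profit_report.php?product_id=0%20UNION%20SELECT%20username%2Cpassword%20FROM%20users--%20- HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Sep/2025:06:41:00 +0000] "GET /admin/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [08/Sep/2025:06:41:30 +0000] "GET /admin/profit_report.php?product_id=1%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 1432 "-" "sqlmap/1.7"
198.51.100.7 - - [08/Sep/2025:06:42:00 +0000] "GET /admin/profit_report.php?product_id=7 HTTP/1.1" 200 1390 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Tokens that have no business in an integer product id. Used only to annotate
# a hit; the detection itself is the integer allow-list in classify().
SQLI_TOKENS = re.compile(
    r"(?:\b(?:or|and|union|select|sleep|benchmark)\b|--|;|'|\")", re.IGNORECASE
)


def classify(line: str):
    """Return a finding for a suspicious profit_report.php request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != TARGET_PATH:
        return None
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if not values:
        return None
    value = values[0]  # parse_qs has already percent-decoded it
    if re.fullmatch(r"[0-9]+", value):
        return None  # the only shape a legitimate product_id should have
    tokens = sorted({t.lower() for t in SQLI_TOKENS.findall(value)})
    return {
        "ip": m["ip"], "ts": m["ts"], "ua": m["ua"],
        "status": int(m["status"]), "product_id": value, "tokens": tokens,
    }


def scan(log_text: str) -> list:
    """Classify every line and keep the findings, in log order."""
    return [hit for hit in (classify(line) for line in log_text.splitlines()) if hit]


def summarize_by_ip(hits: list) -> dict:
    """Count findings per client so repeated probing from one address stands out."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    findings = scan(SAMPLE_LOG)
    for f in findings:
        print(f"{f['ts']} {f['ip']} ua={f['ua']!r} product_id={f['product_id']!r} tokens={f['tokens']}")
    print(summarize_by_ip(findings))
```

The allow-list check does the real work: because a valid product_id can only ever be digits, anything else is an anomaly regardless of whether it matches a known payload, and the same rule expressed in the WAF closes the request path the proof of concept relies on. Note that an HTTP 200 on a flagged request tells you nothing about whether the injection succeeded; correlate with database logs and response sizes (the second sample line returns far more bytes than a normal report).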


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-07T18:45:38.427Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68be7bbdd5a2966cfc7c4f82

Added to database: 9/8/2025, 6:46:21 AM

Last enriched: 9/8/2025, 7:02:11 AM

Last updated: 9/8/2025, 6:16:32 PM
