CVE-2025-10095 is a medium-severity SQL injection vulnerability identified in the SMPP server component of the SMSEagle firmware developed by Proximus sp. z o.o. The vulnerability stems from improper neutralization of special elements used in SQL commands (CWE-89), specifically due to inadequate sanitization of user input parameters handled by the SMPP server's scripts. The SMPP server operates with its own dedicated database, separate from the main SMSEagle software database, which limits the scope of the vulnerability to the SMPP server's operations only. Exploitation of this vulnerability could allow an unauthenticated remote attacker with network access to the SMPP server to inject malicious SQL commands, potentially leading to unauthorized data access or manipulation within the SMPP server database. However, the vulnerability does not require user interaction or privileges and has a CVSS 4.0 base score of 5.3, reflecting a medium severity level. The issue has been addressed and fixed in SMSEagle firmware version 6.11. No known exploits are currently reported in the wild. The vulnerability's attack vector is network-based with low attack complexity and no privileges or user interaction required, but the impact on confidentiality and integrity is limited to the SMPP server's database, with no direct impact on availability or other components of the SMSEagle system.

For European organizations using SMSEagle devices, particularly those utilizing the SMPP server functionality for SMS gateway operations, this vulnerability could lead to unauthorized access or manipulation of SMS-related data stored in the SMPP server database. This could result in interception or alteration of SMS messages, potentially undermining communication integrity and confidentiality. Organizations relying on SMSEagle for critical messaging services, such as two-factor authentication or alerting systems, may face risks of message tampering or data leakage. However, since the vulnerability is confined to the SMPP server's database and does not affect the main SMSEagle software database, the overall impact is somewhat contained. Nonetheless, attackers exploiting this flaw could disrupt messaging workflows or gain sensitive information related to SMS operations, which could be leveraged for further attacks or social engineering. The absence of known exploits reduces immediate risk, but the medium severity and ease of exploitation warrant prompt attention, especially in sectors with high reliance on SMS communications like finance, healthcare, and government services within Europe.

European organizations should immediately verify their SMSEagle firmware version and upgrade to version 6.11 or later, where the vulnerability is patched. Network segmentation should be enforced to restrict access to the SMPP server component, limiting exposure to trusted hosts only. Implementing strict firewall rules and access control lists (ACLs) to block unauthorized network traffic to the SMPP server port can reduce attack surface. Additionally, organizations should monitor SMPP server logs for unusual query patterns or failed login attempts that may indicate exploitation attempts. Employing intrusion detection or prevention systems (IDS/IPS) tuned to detect SQL injection signatures targeting SMPP protocols can provide early warning. Where feasible, consider deploying web application firewalls (WAFs) or database activity monitoring tools that can detect and block SQL injection attempts at the network or database layer. Finally, conducting regular security assessments and penetration testing focused on the SMPP server component will help identify residual risks and verify the effectiveness of mitigations.