
CVE-2025-10399: SQL Injection in Korzh EasyQuery

Severity: Medium
Type: Vulnerability
CVE ID: CVE-2025-10399
Published: Sun Sep 14 2025 (09/14/2025, 13:02:06 UTC)
Source: CVE Database V5
Vendor/Project: Korzh
Product: EasyQuery

Description

A weakness has been identified in Korzh EasyQuery up to version 7.4.0. The issue affects some unknown processing in the file /api/easyquery/models/nwind/fetch of the Query Builder UI component. Manipulation of the request leads to SQL injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used.

AI-Powered Analysis

Last updated: 09/14/2025, 13:07:32 UTC

Technical Analysis

CVE-2025-10399 is a SQL injection vulnerability in Korzh EasyQuery versions up to 7.4.0, affecting the Query Builder UI component. The vulnerability arises from improper handling of requests to the endpoint /api/easyquery/models/nwind/fetch, which allows an attacker to inject SQL into the query the endpoint builds. The flaw can be exploited over the network without user interaction, making it a significant risk. The vulnerability has a CVSS 4.0 base score of 5.3, a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), low privileges required (PR:L), and no user interaction needed (UI:N). The impact on confidentiality, integrity, and availability is rated low (VC:L, VI:L, VA:L), indicating partial compromise or limited data exposure or modification. The vulnerability does not involve special conditions such as scope changes or security requirements. Although no exploitation in the wild is currently known, exploit code has been made publicly available, which increases the likelihood of exploitation attempts. The vulnerability affects multiple versions of Korzh EasyQuery, a query-building tool that may be integrated into enterprise applications or data management systems. The SQL injection could allow attackers to read, modify, or delete data in the backend database, potentially leading to data breaches, unauthorized data manipulation, or denial of service, depending on the database and application context. Given the remote nature of the exploit, attackers can leverage this vulnerability to compromise affected systems without user interaction.

Potential Impact

For European organizations using Korzh EasyQuery up to version 7.4.0, this vulnerability poses a moderate risk. The ability to perform SQL injection remotely means attackers can potentially access sensitive business data, manipulate records, or disrupt services. This could lead to confidentiality breaches, integrity violations, and availability issues affecting business operations. Organizations in sectors such as finance, healthcare, manufacturing, and government that rely on EasyQuery for data querying and reporting may face regulatory compliance risks, including GDPR violations if personal data is exposed. The medium severity rating suggests that, while the impact is not catastrophic, it is sufficient to warrant prompt attention. The lack of known active exploitation reduces immediate risk, but the public availability of exploit code increases the urgency of mitigation. European companies with EasyQuery components integrated into their software stacks should assess exposure and prioritize patching or mitigation to prevent data breaches or operational disruptions.

Mitigation Recommendations

1. Immediate patching: Although no official patch links are provided in the data, organizations should monitor Korzh’s official channels for security updates addressing CVE-2025-10399 and apply patches promptly once available.
2. Input validation and sanitization: Implement strict server-side input validation and parameterized queries or prepared statements in the affected API endpoint to prevent injection of malicious SQL code.
3. Web application firewall (WAF): Deploy and configure a WAF with rules to detect and block SQL injection patterns targeting the /api/easyquery/models/nwind/fetch endpoint.
4. Network segmentation and access controls: Restrict access to the EasyQuery API endpoints to trusted internal networks or authenticated users where possible, reducing exposure to external attackers.
5. Monitoring and logging: Enable detailed logging of API requests and monitor for unusual or suspicious query patterns indicative of injection attempts.
6. Incident response planning: Prepare to respond quickly to any detected exploitation attempts, including isolating affected systems and conducting forensic analysis.
7. Vendor engagement: Engage with Korzh support to obtain guidance, patches, or workarounds and confirm the vulnerability status and remediation timeline.
8. Application security review: Conduct a thorough security assessment of applications integrating EasyQuery to identify and remediate any other injection or input validation weaknesses.
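Recommendation 2 is the one that closes the root cause in a query-builder endpoint: a client-supplied filter (field, operator, value) must never be pasted into SQL text. The following added example is not EasyQuery's code and uses a constructed in-memory SQLite table loosely modelled on Northwind's Customers; it contrasts a concatenating builder with one that allowlists identifiers and operators (which cannot be parameterized) and binds values as parameters.

```python
import sqlite3

# Constructed in-memory table loosely modelled on the Northwind "Customers"
# table; it is not EasyQuery's schema, and neither function is EasyQuery code.
ALLOWED_COLUMNS = {"CustomerID", "CompanyName", "Country"}
ALLOWED_OPERATORS = {"=": "=", "<>": "<>", "like": "LIKE"}

def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Customers (CustomerID TEXT, CompanyName TEXT, Country TEXT);
        INSERT INTO Customers VALUES ('ALFKI', 'Alfreds Futterkiste', 'Germany');
        INSERT INTO Customers VALUES ('ANATR', 'Ana Trujillo', 'Mexico');
        INSERT INTO Customers VALUES ('BLONP', 'Blondel', 'France');
    """)
    return conn

def fetch_unsafe(conn, filters):
    # Defective pattern: field, operator and value from the client are pasted
    # into the statement, so each of them is parsed as SQL rather than as data.
    where = " AND ".join(f"{f['field']} {f['op']} '{f['value']}'" for f in filters)
    sql = f"SELECT CustomerID, CompanyName, Country FROM Customers WHERE {where}"
    return conn.execute(sql).fetchall()

def fetch_safe(conn, filters):
    # Hardened pattern: identifiers and operators cannot be bound as parameters,
    # so they are mapped through allowlists; values are bound with placeholders.
    clauses, params = [], []
    for f in filters:
        if f["field"] not in ALLOWED_COLUMNS:
            raise ValueError(f"unknown field: {f['field']!r}")
        op = ALLOWED_OPERATORS.get(str(f["op"]).lower())
        if op is None:
            raise ValueError(f"unsupported operator: {f['op']!r}")
        clauses.append(f'"{f["field"]}" {op} ?')
        params.append(f["value"])
    sql = "SELECT CustomerID, CompanyName, Country FROM Customers"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return conn.execute(sql, params).fetchall()

def unsafe_breaks_on(conn, value):
    # True when a legitimate value (e.g. one containing an apostrophe) makes the
    # concatenating builder fail: proof that the value reached the SQL parser.
    try:
        fetch_unsafe(conn, [{"field": "CompanyName", "op": "=", "value": value}])
        return False
    except sqlite3.OperationalError:
        return True
```

A value such as O'Reilly is enough to show the difference: the concatenating builder fails with a syntax error because the apostrophe is interpreted as SQL, while the parameterized builder treats it as plain data.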


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-09-13T19:26:32.473Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68c6bdfb256f5833ca9071d3

Added to database: 9/14/2025, 1:07:07 PM

Last enriched: 9/14/2025, 1:07:32 PM

Last updated: 9/14/2025, 6:03:49 PM

