CVE-2025-10399: SQL Injection in Korzh EasyQuery
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes SQL injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
AI Analysis
Technical Summary
CVE-2025-10399 is a medium-severity SQL injection vulnerability identified in Korzh EasyQuery versions up to 7.4.0. The vulnerability resides in the Query Builder UI component, specifically in the processing of the API endpoint /api/easyquery/models/nwind/fetch. This endpoint improperly handles user input, allowing an attacker to inject SQL into the query the component builds. The flaw can be exploited remotely without user interaction; the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L) indicates low attack complexity and that low privileges, rather than none, are required. The vulnerability impacts the confidentiality, integrity, and availability of the underlying database by enabling unauthorized data access, modification, or deletion. The CVSS 4.0 score of 5.3 reflects a medium risk, given the low attack complexity but the limited scope and the low privileges required. Although no exploitation in the wild has been reported yet, exploit code has been made publicly available, increasing the risk of exploitation. The vulnerability affects all versions from 7.0 through 7.4.0 of Korzh EasyQuery, a library for building queries in applications that may be integrated into various enterprise software solutions. The lack of an available patch at the time of publication increases the urgency for mitigation.
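The class of flaw described above, shown as an added illustration rather than Korzh EasyQuery's own code: a "fetch"-style handler that splices request values into SQL text, next to a hardened version that allow-lists identifiers against the data model and binds values as parameters. The request shape (one table, a column list, one equality filter), the allow-list and the Northwind-like sample rows are all constructed for the demo.

```python
"""Vulnerable-versus-hardened query construction for a "fetch"-style endpoint.

Added illustration of the SQL injection class described above; this is not
Korzh EasyQuery's code, and the request shape (table, columns, one equality
filter) and the Northwind-like sample rows are constructed for the demo.
"""
import sqlite3

# Constructed allow-list: the tables and columns a model is permitted to expose.
# In a real query builder this comes from the data model, never from the request.
ALLOWED_SCHEMA = {
    "Customers": {"CustomerID", "CompanyName", "Country"},
}


def build_query_unsafe(table, columns, filter_col, filter_val):
    """Vulnerable pattern: request values are spliced straight into SQL text."""
    cols = ", ".join(columns)
    return f"SELECT {cols} FROM {table} WHERE {filter_col} = '{filter_val}'"


def build_query_safe(table, columns, filter_col, filter_val):
    """Hardened pattern: identifiers are allow-listed, values are bound as parameters."""
    allowed = ALLOWED_SCHEMA.get(table)
    if allowed is None:
        raise ValueError(f"unknown table {table!r}")
    for col in [*columns, filter_col]:
        if col not in allowed:
            raise ValueError(f"unknown column {col!r} for table {table!r}")
    cols = ", ".join(f'"{c}"' for c in columns)
    sql = f'SELECT {cols} FROM "{table}" WHERE "{filter_col}" = ?'
    return sql, (filter_val,)


def make_db():
    """In-memory SQLite database with three constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (CustomerID TEXT, CompanyName TEXT, Country TEXT)")
    conn.executemany(
        "INSERT INTO Customers VALUES (?, ?, ?)",
        [("ALFKI", "Alfreds Futterkiste", "Germany"),
         ("ANATR", "Ana Trujillo Emparedados", "Mexico"),
         ("BLONP", "Blondel pere et fils", "France")],
    )
    return conn


def fetch_unsafe(conn, country):
    """Run the concatenated query; the filter value can change the query's meaning."""
    sql = build_query_unsafe("Customers", ["CompanyName"], "Country", country)
    return [row[0] for row in conn.execute(sql)]


def fetch_safe(conn, country):
    """Run the parameterized query; the filter value is only ever compared as data."""
    sql, params = build_query_safe("Customers", ["CompanyName"], "Country", country)
    return [row[0] for row in conn.execute(sql, params)]


def rejects_unknown_identifier():
    """True when the hardened builder refuses a column name outside the allow-list."""
    try:
        build_query_safe("Customers", ["CompanyName; DROP TABLE Customers"], "Country", "x")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"          # classic filter value that breaks out of the quotes
    print("unsafe, benign value   :", fetch_unsafe(db, "Germany"))
    print("unsafe, tautology      :", fetch_unsafe(db, tautology))   # every row leaks
    print("safe, tautology        :", fetch_safe(db, tautology))     # treated as a literal string
    print("unknown column rejected:", rejects_unknown_identifier())
```

The two defences do different jobs: parameter binding protects values, but identifiers (table and column names) cannot be bound, so a query builder must check them against the model it is supposed to expose; that is the check the unsafe version is missing.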
Potential Impact
For European organizations using Korzh EasyQuery, this vulnerability poses a significant risk to the security of their data assets. Exploitation could lead to unauthorized disclosure of sensitive information, data tampering, or disruption of services relying on the affected query builder. Industries such as finance, healthcare, and government, which often handle critical and regulated data, could face compliance violations (e.g., GDPR) and reputational damage if exploited. Because the attack is remote and requires only low privileges, attackers can potentially compromise systems without insider access, increasing the attack surface. Additionally, the availability of public exploit code lowers the barrier for threat actors, including cybercriminals and hacktivists, to leverage this vulnerability. The impact extends beyond data loss to potential lateral movement within networks if attackers gain database access, threatening broader organizational security.
Mitigation Recommendations
European organizations should immediately assess their use of Korzh EasyQuery versions 7.0 through 7.4.0 and prioritize upgrading to a patched version once available. In the absence of an official patch, organizations should implement strict input validation and sanitization on the affected API endpoint to block malicious SQL payloads. Employing Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting /api/easyquery/models/nwind/fetch can provide interim protection. Restricting database user privileges associated with the application to the minimum necessary can limit the impact of a successful injection. Network segmentation and monitoring for unusual database queries or API requests can help detect exploitation attempts early. Organizations should also review logs for suspicious activity related to this endpoint and prepare incident response plans tailored to SQL injection attacks. Finally, engaging with Korzh support channels for updates and advisories is recommended.
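Two of the recommendations above, the version assessment and the log review for the affected endpoint, as an added example that is not part of the advisory or of Korzh EasyQuery: it checks whether an installed version falls in the stated 7.0 through 7.4.0 range, and scans combined-format access-log lines for requests to /api/easyquery/models/nwind/fetch whose query string carries common SQL injection markers. The log lines, IP addresses and the marker heuristics are constructed for the demo.

```python
"""Log review and version triage for the affected endpoint.

Added example, not part of the advisory or of Korzh EasyQuery: scans access-log
lines (combined log format) for requests to /api/easyquery/models/nwind/fetch
whose query string carries common SQL injection markers, and checks whether an
installed EasyQuery version falls in the affected 7.0 - 7.4.0 range. The log
lines, IP addresses and the detection heuristics are constructed for the demo.
"""
import re
from urllib.parse import unquote_plus

ENDPOINT = "/api/easyquery/models/nwind/fetch"
AFFECTED_MIN, AFFECTED_MAX = (7, 0, 0), (7, 4, 0)   # "7.0 through 7.4.0" per the advisory

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Heuristic markers, checked against the URL-decoded query string. They are
# deliberately narrow; tune them to your traffic and expect some false positives.
SQLI_MARKERS = [
    ("tautology",    re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I)),
    ("union-select", re.compile(r"\bunion\b[\s(]+(all\s+)?select\b", re.I)),
    ("comment",      re.compile(r"(--|/\*)")),
    ("stacked",      re.compile(r";\s*(drop|alter|delete|update|insert)\b", re.I)),
]

# Constructed sample log; the two 198.51.100.7 entries are the ones worth a look.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Sep/2025:13:07:07 +0000] "POST /api/easyquery/models/nwind/fetch HTTP/1.1" 200 512
10.0.0.5 - - [14/Sep/2025:13:07:09 +0000] "GET /api/easyquery/models/nwind/list HTTP/1.1" 200 204
198.51.100.7 - - [14/Sep/2025:13:09:11 +0000] "POST /api/easyquery/models/nwind/fetch?filter=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0
198.51.100.7 - - [14/Sep/2025:13:09:14 +0000] "POST /api/easyquery/models/nwind/fetch?filter=1%20UNION%20SELECT%201%2C2-- HTTP/1.1" 500 0
10.0.0.8 - - [14/Sep/2025:13:10:00 +0000] "POST /api/easyquery/models/nwind/fetch?filter=Germany HTTP/1.1" 200 480
"""


def parse_version(version):
    """'7.4' -> (7, 4, 0); extra components are kept so 7.4.0.1 sorts above 7.4.0."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected_version(version):
    """True for the advisory's stated range 7.0 through 7.4.0 inclusive."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def classify_query(query):
    """Return the labels of every marker found in a URL-decoded query string."""
    decoded = unquote_plus(query)
    return [label for label, rx in SQLI_MARKERS if rx.search(decoded)]


def scan_log(lines):
    """Flag requests to ENDPOINT whose query string shows injection markers.

    Access logs do not carry POST bodies, so filters sent in the body need
    application-level request logging to be reviewed the same way.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        if path != ENDPOINT:
            continue
        reasons = classify_query(query)
        if reasons:
            hits.append({"ip": m["ip"], "ts": m["ts"],
                         "status": int(m["status"]), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for v in ("6.9.2", "7.0", "7.3.5", "7.4.0", "7.4.1"):
        print(f"EasyQuery {v}: {'affected' if is_affected_version(v) else 'not in range'}")
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

A burst of 5xx responses from one source against the endpoint, as in the constructed sample, is a useful secondary signal even when no marker matches; pairing this scan with database-side query logging catches payloads that arrive in POST bodies rather than the query string.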
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-13T19:26:32.473Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68c6bdfb256f5833ca9071d3
Added to database: 9/14/2025, 1:07:07 PM
Last enriched: 9/22/2025, 12:31:00 AM
Last updated: 10/30/2025, 2:49:07 AM