CVE-2025-10473 is a medium severity SQL Injection vulnerability identified in the yangzongzhuan RuoYi framework, specifically affecting versions 4.8.0 and 4.8.1. The flaw resides in the filterKeyword function within the /com/ruoyi/common/utils/sql/SqlUtil.java file, part of the Blacklist Handler component. This vulnerability allows an attacker to manipulate SQL queries by injecting malicious input remotely without requiring user interaction or authentication, due to insufficient input sanitization or improper handling of user-supplied data in the SQL construction process. Exploitation could lead to unauthorized access to or modification of the backend database, potentially compromising confidentiality, integrity, and availability of data. Although the CVSS 4.0 score is 5.3 (medium severity), the vulnerability is notable because the exploit code has been publicly released, increasing the risk of exploitation. However, no known active exploitation in the wild has been reported yet. The vulnerability does not require privileges or user interaction, and the attack vector is network-based, making it accessible to remote attackers. The scope is limited to affected versions of the RuoYi framework, which is an open-source Java-based rapid development platform widely used for enterprise applications, especially in China and some international markets. The vulnerability could be leveraged to perform unauthorized data retrieval, data manipulation, or potentially escalate attacks within affected systems.

For European organizations using the RuoYi framework, this vulnerability poses a significant risk to the security of their enterprise applications and underlying databases. Successful exploitation could lead to data breaches involving sensitive corporate or customer information, undermining confidentiality and potentially violating GDPR requirements. Integrity of data could be compromised, affecting business operations and decision-making processes. Availability could also be impacted if attackers execute destructive SQL commands. Given the public availability of exploit code, attackers could automate attacks against vulnerable systems, increasing the likelihood of compromise. Organizations relying on RuoYi for critical business functions may face operational disruptions, reputational damage, and regulatory penalties. The medium severity rating suggests moderate impact, but the ease of remote exploitation without authentication elevates the threat level. European entities with limited security monitoring or patch management capabilities are particularly at risk.

To mitigate this vulnerability, European organizations should prioritize upgrading to a patched version of the RuoYi framework once available. In the absence of an official patch, organizations should implement immediate compensating controls such as input validation and sanitization at the application level to prevent malicious SQL input from reaching the database. Employing Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the filterKeyword function can provide interim protection. Conduct thorough code reviews focusing on SQL query construction and parameterization to eliminate unsafe concatenation of user inputs. Enforce the principle of least privilege on database accounts used by RuoYi applications to limit the impact of potential exploitation. Regularly monitor logs and network traffic for unusual database queries or access patterns indicative of exploitation attempts. Additionally, organizations should conduct security awareness training for developers to prevent similar vulnerabilities in future releases.