CVE-2025-10839: SQL Injection in SourceCodester Pet Grooming Management Software
A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. The impacted element is an unknown function of the file /admin/inv-print.php. Manipulation of the argument ID results in SQL injection. The attack can be launched remotely. The exploit has been released to the public and may be used in attacks.
AI Analysis
Technical Summary
CVE-2025-10839 is a medium-severity SQL Injection vulnerability in SourceCodester Pet Grooming Management Software version 1.0. It lies in an unspecified function within the /admin/inv-print.php file, where the 'ID' parameter is not properly sanitized before it reaches a database query, so an attacker can inject SQL code. The CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L) indicates that the flaw is reachable over the network with low attack complexity and no user interaction, but that low privileges (PR:L, that is, an account able to reach the admin module) are required. The vulnerability affects the confidentiality, integrity, and availability of the underlying database, each rated low (VC:L, VI:L, VA:L); the CVSS score of 5.3 reflects a moderate risk, with the potential for attackers to extract sensitive data, modify records, or disrupt database operations. No official patches or fixes have been published yet. No exploitation in the wild has been observed, but the public availability of exploit code raises the likelihood of attacks. Only version 1.0 of the software is affected; it is a niche application used primarily by pet grooming businesses to manage appointments, inventory, and client data. Because the injection point sits in an administrative module, attackers could reach sensitive business and customer information if the system is exposed to the internet or poorly segmented within internal networks.
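The weak pattern the analysis describes, beside its hardened form, as an added example that is not the project's code (the page does not show the source of /admin/inv-print.php). The application is written in PHP; the same pattern is reproduced here in Python against an in-memory SQLite table so it runs stand-alone. The invoice schema, the sample rows and the function names lookup_invoice_unsafe and lookup_invoice_safe are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample data standing in for an invoice table; this is not the
# application's real schema, which the advisory does not disclose.
SAMPLE_INVOICES = [
    (1, "ACME Grooming", 120.00),
    (2, "Paws & Claws", 85.50),
    (3, "Happy Tails", 42.00),
]


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer TEXT, total REAL)"
    )
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)", SAMPLE_INVOICES)
    return conn


def lookup_invoice_unsafe(conn: sqlite3.Connection, raw_id: str) -> list:
    """The defective pattern: request input is spliced into the SQL text.

    The database parses whatever the caller sent as part of the statement,
    so a non-numeric ID changes the meaning of the WHERE clause instead of
    being compared as a value.
    """
    sql = f"SELECT id, customer, total FROM invoices WHERE id = {raw_id}"
    return conn.execute(sql).fetchall()


# An invoice ID is a positive integer of bounded length; anything else is
# rejected before it gets near the database.
_ID_RE = re.compile(r"[1-9][0-9]{0,9}")


def lookup_invoice_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    """Hardened form: validate the shape, then bind the value as a parameter.

    A bound parameter is always treated as data by the SQL engine, so it can
    only ever be compared against the id column, never parsed as SQL.
    """
    if not _ID_RE.fullmatch(raw_id):
        raise ValueError("ID must be a positive integer")
    return conn.execute(
        "SELECT id, customer, total FROM invoices WHERE id = ?", (int(raw_id),)
    ).fetchall()


def demo() -> dict:
    """Run both variants on a well-formed and a malformed ID and report counts."""
    conn = make_db()
    crafted = "2 OR 1=1"  # constructed malformed input: a tautology, not a number
    result = {
        "unsafe_valid_rows": len(lookup_invoice_unsafe(conn, "2")),
        "unsafe_crafted_rows": len(lookup_invoice_unsafe(conn, crafted)),
        "safe_valid_rows": len(lookup_invoice_safe(conn, "2")),
    }
    try:
        lookup_invoice_safe(conn, crafted)
        result["safe_rejected_crafted"] = False
    except ValueError:
        result["safe_rejected_crafted"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The validation step and the bound parameter are independent defences: the regular expression rejects malformed input early with a clear error, while the parameter binding guarantees that even an input that slipped past validation could not alter the statement. The same two steps apply directly to PHP with PDO or mysqli prepared statements.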
Potential Impact
For European organizations using SourceCodester Pet Grooming Management Software 1.0, this vulnerability poses a tangible risk to business continuity and data privacy. Exploitation could lead to unauthorized disclosure of client personal data, including contact details and pet information, potentially violating GDPR requirements. Integrity of inventory and transaction records could be compromised, leading to financial discrepancies or operational disruptions. Availability impacts could manifest as denial of service or corrupted database states, affecting service delivery. Given the software's specialized use, the overall impact is limited to businesses in the pet grooming sector but could be significant for those relying heavily on this software for daily operations. Additionally, compromised systems could be leveraged as pivot points for broader network attacks, especially in small to medium enterprises with limited cybersecurity defenses.
Mitigation Recommendations
Organizations should immediately audit their use of SourceCodester Pet Grooming Management Software to identify affected instances. Since no official patches are currently available, mitigation should focus on restricting access to the /admin/inv-print.php endpoint via network segmentation and firewall rules, limiting it to trusted internal IP addresses only. Implementing Web Application Firewalls (WAFs) with SQL Injection detection and prevention capabilities can help block exploit attempts. Administrators should review and sanitize all inputs, especially the 'ID' parameter, applying parameterized queries or prepared statements if source code access is possible. Monitoring logs for suspicious SQL queries or unusual access patterns is critical. Organizations should also consider isolating the application in a hardened environment and preparing for an upgrade or migration to a patched or alternative solution once available. Regular backups of the database should be maintained to enable recovery in case of data corruption or loss.
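The log-monitoring and access-restriction recommendations above, as an added example (not the page's or the vendor's code): a small audit that reads web server access logs in combined format, keeps only requests to /admin/inv-print.php, and flags any request whose ID parameter is not a plain integer or that comes from outside the trusted administrative address range. The log lines, the trusted network 10.0.5.0/24 and the function names are constructed for the example.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines in Apache/nginx "combined" style. They are
# invented for this example and do not come from any real deployment.
SAMPLE_LOG = """\
10.0.5.12 - - [23/Sep/2025:19:16:32 +0000] "GET /admin/inv-print.php?ID=42 HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.77 - - [23/Sep/2025:19:17:01 +0000] "GET /admin/inv-print.php?ID=42%20OR%201%3D1 HTTP/1.1" 200 9120 "-" "curl/8.4.0"
10.0.5.12 - - [23/Sep/2025:19:17:40 +0000] "GET /admin/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Sep/2025:19:18:05 +0000] "GET /admin/inv-print.php?ID=7 HTTP/1.1" 200 1790 "-" "python-requests/2.32"
10.0.5.40 - - [23/Sep/2025:19:18:30 +0000] "GET /admin/inv-print.php?ID=3%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""

# Assumed trusted administrative range; adjust to the real segmentation.
TRUSTED_ADMIN_NETS = [ip_network("10.0.5.0/24")]

ENDPOINT = "/admin/inv-print.php"

# Only the fields the audit needs: client IP, request target and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# A legitimate ID is a short run of digits; everything else is suspicious.
ID_RE = re.compile(r"[0-9]{1,10}")


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "path": parts.path,
        # parse_qs percent-decodes values, so encoded payloads are inspected
        # in the same form the PHP application would see them in $_GET.
        "query": parse_qs(parts.query, keep_blank_values=True),
        "status": int(m.group("status")),
    }


def audit(log_text: str, trusted_nets=TRUSTED_ADMIN_NETS) -> list:
    """Flag requests to the vulnerable endpoint that warrant a closer look."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != ENDPOINT:
            continue
        reasons = []
        for value in rec["query"].get("ID", []):
            if not ID_RE.fullmatch(value):
                reasons.append(f"non-numeric ID value {value!r}")
        if not any(ip_address(rec["ip"]) in net for net in trusted_nets):
            reasons.append(f"request from untrusted source {rec['ip']}")
        if reasons:
            findings.append(
                {"ip": rec["ip"], "status": rec["status"], "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f["ip"], f["status"], "; ".join(f["reasons"]))
```

Two things in the design are worth keeping when adapting this to a real log pipeline: the check is on the shape of the value after URL decoding, so encoding tricks do not hide a payload, and a request from outside the trusted range is reported even when its ID looks harmless, because the network restriction is itself a control whose violation should be visible.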
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-22T05:17:19.301Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d2f210c36d6fa294642ad7
Added to database: 9/23/2025, 7:16:32 PM
Last enriched: 9/23/2025, 7:20:13 PM
Last updated: 10/7/2025, 7:45:01 AM