CVE-2025-10870: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in DIAL CentrosNet
SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'.
AI Analysis
Technical Summary
CVE-2025-10870 is a critical SQL injection vulnerability identified in DIAL's CentrosNet version 2.64 and earlier. The flaw resides in the improper neutralization of special elements in the 'ultralogin' parameter processed by the /centrosnet/ultralogin.php script. An attacker can exploit this by sending crafted POST or GET requests that inject malicious SQL commands, enabling unauthorized access to the backend database. This can lead to unauthorized retrieval, modification, creation, or deletion of database records, severely compromising data confidentiality, integrity, and availability. The vulnerability requires no authentication or user interaction, making it highly exploitable remotely over the network. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H) reflects the ease of exploitation and the high impact on all security properties. Although no public exploits have been observed yet, the critical nature of the vulnerability and the widespread use of CentrosNet in network management contexts make it a significant threat. The lack of an official patch at the time of publication increases the urgency for interim mitigations and monitoring.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to severe data breaches, unauthorized data manipulation, and potential disruption of network management operations. Given CentrosNet's role in managing network devices and infrastructure, attackers could leverage this flaw to compromise critical systems, leading to operational downtime or further lateral movement within networks. Confidential information stored in the databases could be exposed or altered, impacting privacy compliance obligations such as GDPR. The integrity of network configurations could be undermined, causing service outages or degraded performance. The availability of network services might also be affected if attackers delete or corrupt essential data. The vulnerability's remote exploitability without authentication increases the risk of widespread attacks, especially in sectors with high reliance on DIAL products, including telecommunications, government agencies, and critical infrastructure providers across Europe.
Mitigation Recommendations
Immediate mitigation steps include implementing strict input validation and sanitization on the 'ultralogin' parameter at the web application firewall (WAF) or reverse proxy level to block malicious SQL payloads. Network segmentation should be enforced to restrict access to the /centrosnet/ultralogin.php endpoint only to trusted internal systems or administrators. Monitoring and logging of all requests to this endpoint should be enhanced to detect anomalous or suspicious activity indicative of exploitation attempts. Organizations should engage with DIAL to obtain and apply security patches or updates as soon as they become available. In the interim, consider disabling or restricting access to the vulnerable functionality if feasible. Conduct thorough audits of database integrity and access logs to identify any prior unauthorized activity. Additionally, implement least privilege principles for database access and ensure backups are current and tested for recovery in case of data corruption or loss.
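The monitoring and access-restriction steps above can be checked against web server access logs. The following is an added example, not code from DIAL or from this advisory: it assumes Combined Log Format, a hypothetical trusted management network (10.20.0.0/24) and a hypothetical allow-list pattern for legitimate 'ultralogin' values, and the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/centrosnet/ultralogin.php"  # path named in the advisory
PARAM = "ultralogin"                      # parameter named in the advisory
# Assumption: legitimate values are short tokens; tune to your deployment.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")
# Assumption: only this management network should reach the endpoint.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Combined Log Format: ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} ')

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.20.0.15 - - [07/Nov/2025:09:30:01 +0000] "GET /centrosnet/ultralogin.php?ultralogin=operator01 HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Nov/2025:09:31:12 +0000] "GET /centrosnet/ultralogin.php?ultralogin=x%27%20-- HTTP/1.1" 200 2048',
    '203.0.113.9 - - [07/Nov/2025:09:31:40 +0000] "POST /centrosnet/ultralogin.php HTTP/1.1" 200 128',
    '10.20.0.15 - - [07/Nov/2025:09:32:00 +0000] "GET /index.php HTTP/1.1" 200 900',
]

def is_trusted(src):
    """True if the client address is inside a trusted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or malformed field: treat as untrusted
        return False
    return any(addr in net for net in TRUSTED_NETS)

def review_line(line):
    """Return findings for one access-log line (empty list if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    src, method, target = m.groups()
    url = urlsplit(target)
    if unquote(url.path) != ENDPOINT:
        return []
    findings = []
    if not is_trusted(src):
        findings.append("untrusted-source")
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    if any(not SAFE_VALUE.fullmatch(v) for v in values):
        findings.append("param-outside-allowlist")
    if method == "POST":  # body is absent from access logs; needs WAF/body logging
        findings.append("post-body-not-logged")
    return findings

def scan(lines):
    """Map line index -> findings for every line that needs review."""
    return {i: f for i, line in enumerate(lines) if (f := review_line(line))}
```

POST requests are flagged separately because the parameter travels in the request body, which standard access logs do not record; covering them requires body inspection at the WAF or reverse proxy.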
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: INCIBE
- Date Reserved: 2025-09-23T10:22:37.437Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 690dbd9f03ca3124669e5516
Added to database: 11/7/2025, 9:36:31 AM
Last enriched: 11/14/2025, 10:10:16 AM
Last updated: 12/22/2025, 6:15:58 AM