CVE-2025-14185 is a SQL injection vulnerability identified in Yonyou U8 Cloud versions 5.0, 5.0sp, 5.1, and 5.1sp. The vulnerability resides in an unspecified function within the Java class file nc/pubitf/erm/mobile/appservice/AppServletService.class. Specifically, the 'usercode' parameter is improperly sanitized, allowing an attacker to inject malicious SQL code remotely. This injection flaw can be exploited without requiring authentication or user interaction, increasing the risk of unauthorized database queries. The vulnerability's CVSS 4.0 score is 5.3 (medium), reflecting its network attack vector, low attack complexity, and lack of required privileges or user interaction, but with limited impact on confidentiality, integrity, and availability. The vendor was notified early but has not issued any patches or advisories. Publicly available exploits increase the risk of potential attacks, although no active exploitation has been reported. The vulnerability could allow attackers to extract sensitive information, modify or delete data, or disrupt application functionality, depending on the database permissions and environment configuration.

For European organizations using Yonyou U8 Cloud, this vulnerability poses a risk of unauthorized access to sensitive business data, including financial and operational information managed by the ERP system. Successful exploitation could lead to data breaches, data integrity issues, and potential disruption of critical business processes. Given that Yonyou U8 Cloud is an enterprise resource planning platform widely used in sectors such as manufacturing, finance, and logistics, the impact could extend to supply chain disruptions and regulatory compliance violations (e.g., GDPR) if personal or sensitive data is exposed. The lack of vendor response and patches increases the window of exposure, making organizations more vulnerable to targeted attacks. Additionally, the remote and unauthenticated nature of the exploit facilitates easier attack execution by threat actors.

European organizations should immediately conduct an inventory to identify deployments of Yonyou U8 Cloud versions 5.0, 5.0sp, 5.1, and 5.1sp. Until an official patch is released, organizations should implement strict network-level controls to restrict access to the affected application endpoints, especially the AppServletService interface, limiting it to trusted internal networks or VPN users. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the 'usercode' parameter. Conduct thorough input validation and sanitization on all user-supplied data where possible, potentially through application-layer proxies or middleware. Monitor logs for suspicious SQL query patterns or repeated failed attempts indicative of exploitation attempts. Engage with Yonyou support channels for updates and consider applying virtual patching techniques. Additionally, ensure regular backups of critical data and have incident response plans ready to address potential breaches.