
CVE-2025-15421: SQL Injection in Yonyou KSOA

Severity: Medium
Published: Fri Jan 02 2026 (01/02/2026, 01:02:05 UTC)
Source: CVE Database V5
Vendor/Project: Yonyou
Product: KSOA

Description

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in SQL injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 01/09/2026, 10:59:10 UTC

Technical Analysis

CVE-2025-15421 is a remotely exploitable SQL Injection vulnerability found in Yonyou KSOA version 9.0, specifically within the HTTP GET parameter handler of the /worksheet/agent_worksadd.jsp file. The vulnerability arises from improper sanitization of the 'ID' parameter, allowing an attacker to inject malicious SQL queries. This can lead to unauthorized data access, modification, or deletion within the backend database. The attack vector requires no authentication or user interaction, making it highly accessible to remote attackers. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity, with low complexity and no privileges required. The vendor has not responded to early disclosure attempts, and no official patches are currently available. The exploit code is publicly accessible, increasing the likelihood of exploitation. The vulnerability impacts confidentiality, integrity, and availability to a limited extent, as the scope is confined to the affected component. Given the critical role of Yonyou KSOA in enterprise resource planning and business process management, exploitation could disrupt business operations and expose sensitive corporate data.

Potential Impact

For European organizations, exploitation of this vulnerability could result in unauthorized access to sensitive business data, manipulation or deletion of critical records, and potential disruption of enterprise workflows managed by Yonyou KSOA. This could lead to financial losses, regulatory non-compliance (especially under GDPR), and reputational damage. Since the vulnerability is remotely exploitable without authentication, attackers could target exposed web interfaces directly. Organizations in sectors such as manufacturing, finance, and government that rely on Yonyou KSOA for operational management are particularly at risk. The lack of vendor response and patches increases the window of exposure, making timely mitigation essential. Additionally, the public availability of exploit code raises the risk of automated attacks and widespread exploitation attempts.

Mitigation Recommendations

1. Implement strict input validation and sanitization on all parameters, especially the 'ID' parameter in the /worksheet/agent_worksadd.jsp endpoint, to block malicious SQL payloads.
2. Deploy Web Application Firewalls (WAFs) with updated rules to detect and block SQL injection attempts targeting Yonyou KSOA.
3. Restrict external access to the affected web application components by network segmentation or VPN access to reduce exposure.
4. Monitor logs for suspicious SQL queries or unusual database activity indicative of exploitation attempts.
5. If possible, disable or restrict the vulnerable functionality temporarily until a vendor patch is available.
6. Engage with Yonyou support channels to demand a security patch or official guidance.
7. Conduct regular security assessments and penetration tests focusing on SQL injection vectors within the application.
8. Educate internal teams about the risks and signs of SQL injection attacks to improve detection and response.
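
One way to implement the log monitoring recommended above, as an added example that is not part of the advisory or any vendor tooling: it scans web access logs for requests to the affected endpoint and flags any `ID` value that fails an allow-list check. The combined log format, the assumption that a legitimate `ID` is a short decimal number, and the names `classify` and `scan` are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

VULN_PATH = "/worksheet/agent_worksadd.jsp"  # endpoint named in the advisory
# Assumption: Apache/Nginx "combined"-style access log lines.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Assumption: a legitimate ID is a short decimal number; adjust per deployment.
BENIGN_ID = re.compile(r"\d{1,12}")
SQL_HINTS = re.compile(r"['\";]|--|/\*|\b(union|select|or|and|sleep|waitfor)\b", re.I)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [02/Jan/2026:08:00:01 +0000] "GET /worksheet/agent_worksadd.jsp?ID=1042 HTTP/1.1" 200 5120
203.0.113.77 - - [02/Jan/2026:08:00:05 +0000] "GET /worksheet/agent_worksadd.jsp?ID=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312
203.0.113.77 - - [02/Jan/2026:08:00:06 +0000] "GET /worksheet/agent_worksadd.jsp;jsessionid=AB12?id=7%2527 HTTP/1.1" 200 5120
198.51.100.4 - - [02/Jan/2026:08:00:09 +0000] "GET /index.jsp?ID=1%27 HTTP/1.1" 200 900
"""

def classify(line):
    """Return (ip, status, verdict, id_values), or None for unrelated lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Drop ";jsessionid=..." path parameters and decode before comparing.
    if unquote(url.path).split(";")[0].lower() != VULN_PATH:
        return None
    # parse_qsl percent-decodes once; parameter names are matched case-insensitively.
    ids = [v for k, v in parse_qsl(url.query, keep_blank_values=True)
           if k.lower() == "id"]
    if len(ids) == 1 and BENIGN_ID.fullmatch(ids[0]):
        verdict = "benign"
    elif any(SQL_HINTS.search(v) for v in ids):
        verdict = "sqli-suspect"
    else:
        verdict = "anomalous"  # missing, repeated, or non-numeric ID
    return m["ip"], m["status"], verdict, ids

def scan(log_text):
    """Collect every non-benign request to the affected endpoint."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r and r[2] != "benign"]

if __name__ == "__main__":
    for ip, status, verdict, ids in scan(SAMPLE_LOG):
        print(f"{verdict:13} {ip:15} status={status} ID={ids!r}")
```

The double-encoded value in the third sample line contains no quote after one round of decoding, so the keyword pattern misses it; the allow-list still reports it as anomalous, which is why the numeric check runs first.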


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2026-01-01T11:04:10.531Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69571bcbdb813ff03e966c68

Added to database: 1/2/2026, 1:13:47 AM

Last enriched: 1/9/2026, 10:59:10 AM

Last updated: 2/7/2026, 11:03:40 AM
