CVE-2025-27261 is a high-severity SQL injection vulnerability identified in the Ericsson Indoor Connect 8855 product. This vulnerability arises from improper neutralization of special elements used in SQL commands (CWE-89), allowing an attacker to inject malicious SQL code into the backend database queries executed by the device. Exploiting this flaw does not require user interaction or elevated privileges beyond low-level privileges (PR:L), and the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L). The vulnerability impacts the confidentiality, integrity, and availability of the system, as it can lead to unauthorized disclosure and modification of user and configuration data stored within the device. The CVSS 4.0 base score of 8.7 reflects the high impact and ease of exploitation. Although no known exploits are currently observed in the wild, the vulnerability's nature and severity make it a critical concern for organizations using this Ericsson product. The lack of available patches at the time of publication increases the urgency for mitigation. Given that the Indoor Connect 8855 is a specialized indoor cellular coverage solution, the vulnerability could be exploited to compromise network infrastructure components, potentially affecting connected user devices and internal communications.

For European organizations, the exploitation of CVE-2025-27261 could result in significant operational and security impacts. Unauthorized access to user and configuration data could lead to leakage of sensitive information, including network configuration details, user credentials, or other proprietary data. Modification of configuration data could disrupt indoor cellular coverage, degrade service quality, or cause denial of service conditions. This disruption could affect critical environments such as corporate offices, hospitals, transportation hubs, and industrial facilities relying on Ericsson Indoor Connect 8855 for reliable indoor mobile connectivity. Additionally, compromised devices could serve as footholds for lateral movement within enterprise networks, increasing the risk of broader network compromise. The impact is heightened in sectors with stringent data protection regulations such as GDPR, where data breaches can lead to severe legal and financial penalties.

Given the absence of an official patch at the time of disclosure, European organizations should implement immediate compensating controls. These include restricting network access to the management interfaces of the Indoor Connect 8855 devices by implementing strict firewall rules and network segmentation to limit exposure to trusted administrative hosts only. Employ strong authentication and monitoring on management interfaces to detect and prevent unauthorized access attempts. Regularly audit device logs for suspicious SQL query patterns or anomalous behavior indicative of injection attempts. Where possible, disable or restrict any unnecessary services or interfaces on the device to reduce the attack surface. Organizations should also engage with Ericsson support channels to obtain updates on patch availability and apply them promptly once released. Additionally, consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) capable of detecting and blocking SQL injection payloads targeting these devices.