CVE-2025-27302 describes an SQL Injection vulnerability in CHATLIVE software by Claudio Adrian Marrero, affecting versions up to 2.0.1. The vulnerability arises from improper neutralization of special elements in SQL commands, enabling remote attackers to inject SQL code without authentication. The CVSS 3.1 score is 9.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L), indicating network attack vector, low attack complexity, no privileges or user interaction required, with a scope change and high confidentiality impact but no integrity impact and low availability impact. No patch or official remediation guidance is currently provided.

Successful exploitation could allow remote attackers to perform SQL injection attacks, potentially leading to unauthorized disclosure of sensitive information from the database (high confidentiality impact). The vulnerability does not impact data integrity but may cause limited availability issues. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting network access to the CHATLIVE application and monitor for suspicious activity related to SQL injection attempts. Avoid exposing the vulnerable CHATLIVE versions to untrusted networks.