CVE-2025-4352 is a SQL Injection vulnerability identified in the Brilliance Golden Link Secondary System, specifically affecting versions up to 20250424. The vulnerability arises from improper handling of the 'custTradeId' parameter in the web application endpoint located at /reprotframework/tcEntrFlowSelect.htm. An attacker can manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access to or modification of the backend database. The vulnerability is remotely exploitable without requiring user interaction or authentication, increasing the risk of exploitation. Despite being classified as critical by the vendor, the CVSS 4.0 score assigned is 5.3 (medium severity), reflecting factors such as the requirement for low privileges and limited impact on confidentiality, integrity, and availability. The vulnerability does not require user interaction and can be exploited over the network, but the impact on data confidentiality, integrity, and availability is considered limited. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability disclosure date is May 6, 2025, indicating recent public awareness. The SQL Injection flaw could allow attackers to extract sensitive data, modify database contents, or disrupt application functionality, depending on the database permissions and application logic. The lack of authentication requirement and remote exploitability make this a significant risk for organizations using the affected software.

For European organizations using the Brilliance Golden Link Secondary System, this vulnerability poses a risk of unauthorized data access and potential data manipulation. Given that the system likely handles trade or financial data (implied by the parameter name 'custTradeId'), exploitation could lead to exposure of sensitive customer or transaction information, impacting confidentiality and potentially leading to financial fraud or regulatory non-compliance under GDPR. The medium severity rating suggests limited but non-negligible impact, possibly due to partial mitigations or limited database privileges. However, the remote exploitability without authentication increases the attack surface, especially for organizations with internet-facing deployments of this system. Disruption of service or data integrity issues could affect operational continuity and trust. The absence of known exploits in the wild currently reduces immediate risk, but public disclosure increases the likelihood of future exploitation attempts. European entities in finance, trade, or sectors relying on Brilliance's software should be particularly vigilant.

Organizations should immediately audit their deployments of the Brilliance Golden Link Secondary System to identify affected versions (up to 20250424). Until an official patch is released, implement web application firewall (WAF) rules to detect and block SQL injection attempts targeting the 'custTradeId' parameter, including typical SQL injection payloads. Conduct thorough input validation and sanitization on all user-supplied parameters, especially 'custTradeId', to prevent injection. Restrict database user permissions to the minimum necessary to limit the impact of any injection. Monitor logs for suspicious activity related to the vulnerable endpoint. Network segmentation and limiting external access to the affected system can reduce exposure. Engage with the vendor for timely patch releases and apply updates as soon as available. Additionally, perform penetration testing focusing on SQL injection vectors to verify the effectiveness of mitigations.