
CVE-2025-4504: SQL Injection in SourceCodester Online College Library System

Severity: Medium
Published: Sat May 10 2025 (05/10/2025, 14:31:05 UTC)
Source: CVE
Vendor/Project: SourceCodester
Product: Online College Library System

Description

A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/12/2025, 03:33:16 UTC

Technical Analysis

CVE-2025-4504 is a critical SQL Injection vulnerability identified in version 1.0 of the SourceCodester Online College Library System. The vulnerability exists in an unspecified function within the /index.php file, where the 'Category' parameter is improperly sanitized, allowing an attacker to inject malicious SQL code. This injection flaw can be exploited remotely without any authentication or user interaction, making it highly accessible to attackers. The SQL Injection can lead to unauthorized access to the backend database, enabling attackers to read, modify, or delete sensitive data stored within the library system. Given that the exploit has been publicly disclosed, the risk of exploitation is elevated, although no confirmed active exploitation in the wild has been reported yet. The CVSS 4.0 score of 6.9 (medium severity) reflects the vulnerability's potential impact on confidentiality, integrity, and availability, with low attack complexity and no privileges or user interaction required. The vulnerability affects only version 1.0 of the product, which is a web-based application typically deployed by educational institutions to manage library resources and user data.

Potential Impact

For European organizations, particularly educational institutions and libraries using the SourceCodester Online College Library System version 1.0, this vulnerability poses a significant risk. Exploitation could lead to unauthorized disclosure of sensitive student and faculty information, manipulation or deletion of library records, and potential disruption of library services. Such data breaches could violate GDPR regulations, leading to legal and financial penalties. The integrity of academic records and resource availability could be compromised, affecting institutional reputation and operational continuity. Additionally, attackers could leverage the compromised system as a foothold for further network intrusion or lateral movement within the organization's infrastructure.

Mitigation Recommendations

Organizations should immediately assess their deployment of the SourceCodester Online College Library System and identify if version 1.0 is in use. Since no official patch links are currently available, administrators should implement the following specific mitigations:

1) Apply input validation and parameterized queries or prepared statements to sanitize the 'Category' parameter and any other user inputs to prevent SQL injection.
2) Employ Web Application Firewalls (WAFs) configured to detect and block SQL injection patterns targeting the vulnerable parameter.
3) Restrict database user permissions to the minimum necessary to limit potential damage from injection attacks.
4) Monitor web server and database logs for suspicious query patterns indicative of SQL injection attempts.
5) Consider isolating the affected system from critical network segments until a patch or update is available.
6) Engage with the vendor or community to obtain or develop a security update addressing this vulnerability.
7) Educate IT staff and users about the risks and signs of exploitation to enable early detection and response.
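Recommendations 1 and 3 in concrete form. This is an added illustration, not code from the Online College Library System: the vulnerable function in /index.php has not been published, so the `books` table, its `category` column, the allow-list of category names and the PDO connection details are all assumptions. It shows the string-concatenated query pattern that produces this class of flaw, followed by a hardened version that binds the Category value as a parameter, checks it against an allow-list, and runs under a read-only database account.

```php
<?php
// Added example, not the project's code. Table, column and category names are assumed.

// VULNERABLE PATTERN: the request value is pasted straight into the SQL text,
// so quotes or operators in ?Category=... become part of the query itself.
function listBooksVulnerable(mysqli $db, string $category)
{
    $sql = "SELECT id, title FROM books WHERE category = '$category'";
    return $db->query($sql);
}

// HARDENED: the value travels as a bound parameter, never as query text,
// and an allow-list rejects anything that is not a known category first.
const ALLOWED_CATEGORIES = ['Fiction', 'Science', 'History', 'Reference']; // assumed set

function listBooksSafe(PDO $db, string $category): array
{
    if (!in_array($category, ALLOWED_CATEGORIES, true)) {
        // Unknown category: fail closed instead of forwarding it to the database.
        return [];
    }
    $stmt = $db->prepare('SELECT id, title FROM books WHERE category = :category');
    $stmt->bindValue(':category', $category, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connection for the hardened version. The public catalogue should use a
// dedicated account with SELECT only (recommendation 3); credentials are placeholders.
$db = new PDO(
    'mysql:host=localhost;dbname=library;charset=utf8mb4',
    'library_readonly',
    'CHANGE_ME',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
    ]
);

$category = $_GET['Category'] ?? '';
foreach (listBooksSafe($db, $category) as $row) {
    // Encode on output as well, so a stored value cannot become markup.
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The prepared statement alone closes the injection; the allow-list and the read-only account are defence in depth so that a future coding mistake elsewhere in the page has less to reach.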


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-05-09T12:54:04.887Z
CISA Enriched: true
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682d9816c4522896dcbd6ae6

Added to database: 5/21/2025, 9:08:38 AM

Last enriched: 7/12/2025, 3:33:16 AM

Last updated: 8/17/2025, 2:52:32 PM
