
CVE-2025-46053: n/a

Severity: Medium
Type: Vulnerability
Published: Thu May 15 2025 (05/15/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php.

AI-Powered Analysis

Last updated: 07/11/2025, 16:50:04 UTC

Technical Analysis

CVE-2025-46053 is a SQL Injection vulnerability identified in WebERP version 4.15.2. This vulnerability arises from improper sanitization of user-supplied input in the ReportID and ReplaceReportID parameters within POST requests to the /reportwriter/admin/ReportCreator.php endpoint. An attacker can exploit this flaw by crafting malicious SQL payloads injected into these parameters, which the backend database executes. This allows unauthorized execution of arbitrary SQL commands, potentially enabling attackers to extract sensitive data from the database. The vulnerability does not require authentication or user interaction, increasing its risk profile. The CVSS 3.1 base score is 5.1, indicating a medium severity level, with the vector AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. This means the attack requires local access (AV:L), has low complexity (AC:L), requires no privileges (PR:N), no user interaction (UI:N), and impacts confidentiality and integrity to a limited extent but does not affect availability. The vulnerability is categorized under CWE-89, which corresponds to SQL Injection. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved on April 22, 2025, and published on May 15, 2025. Given the nature of WebERP as an open-source ERP system used primarily by small to medium enterprises for financial and business management, exploitation could lead to unauthorized data disclosure and potential manipulation of business-critical data.
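The following is an added illustration of the CWE-89 pattern described above and of the fix the analysis points to (input validation plus parameterized queries). It is not WebERP's code: the table name ReportHeaders, its columns, the assumption that ReportID values are small positive integers, and the use of an in-memory SQLite database in place of WebERP's MySQL backend are all constructed for the example.

```python
import re
import sqlite3
from typing import List, Optional, Tuple

# Constructed stand-in for a report-definition table. WebERP's real schema is
# not known here; 'ReportHeaders' and its columns are assumptions for the demo.
def build_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ReportHeaders (ReportID INTEGER PRIMARY KEY, ReportName TEXT, Owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO ReportHeaders VALUES (?, ?, ?)",
        [
            (1, "Sales by customer", "finance"),
            (2, "Stock valuation", "warehouse"),
            (3, "Payroll summary", "hr"),
        ],
    )
    conn.commit()
    return conn


def lookup_report_vulnerable(conn: sqlite3.Connection, raw_report_id: str) -> List[Tuple]:
    """Vulnerable pattern (CWE-89): the request parameter is spliced into the query text,
    so the parameter value can change the meaning of the WHERE clause."""
    sql = (
        "SELECT ReportID, ReportName FROM ReportHeaders WHERE ReportID = '"
        + raw_report_id
        + "'"
    )
    return conn.execute(sql).fetchall()


# Allow-list validation: a report ID is accepted only as a positive integer of
# at most nine digits (assumption about WebERP's ID format, for illustration).
ID_PATTERN = re.compile(r"[1-9][0-9]{0,8}")


def parse_report_id(raw: str) -> Optional[int]:
    """Return the ID as an int, or None if the value is not a plain positive integer."""
    if not isinstance(raw, str) or not ID_PATTERN.fullmatch(raw):
        return None
    return int(raw)


def lookup_report_hardened(conn: sqlite3.Connection, raw_report_id: str) -> List[Tuple]:
    """Hardened form: reject anything that is not an integer ID, then bind the value as a
    query parameter so it is treated strictly as data, never as SQL."""
    report_id = parse_report_id(raw_report_id)
    if report_id is None:
        raise ValueError("invalid ReportID")
    return conn.execute(
        "SELECT ReportID, ReportName FROM ReportHeaders WHERE ReportID = ?",
        (report_id,),
    ).fetchall()


def handle_report_request(conn: sqlite3.Connection, post: dict) -> dict:
    """Mimics the two-parameter POST from the advisory: both ReportID and
    ReplaceReportID must validate before any query runs."""
    report_id = parse_report_id(post.get("ReportID", ""))
    replace_id = parse_report_id(post.get("ReplaceReportID", ""))
    if report_id is None or replace_id is None:
        return {"status": 400, "error": "ReportID and ReplaceReportID must be positive integers"}
    rows = conn.execute(
        "SELECT ReportID, ReportName FROM ReportHeaders WHERE ReportID IN (?, ?)",
        (report_id, replace_id),
    ).fetchall()
    return {"status": 200, "rows": rows}


if __name__ == "__main__":
    db = build_demo_db()
    print("valid id, hardened:", lookup_report_hardened(db, "2"))
    print("request:", handle_report_request(db, {"ReportID": "1", "ReplaceReportID": "3"}))
    print("rejected:", handle_report_request(db, {"ReportID": "1; --", "ReplaceReportID": "3"}))
```

The key design point is that validation and parameter binding are layered: the allow-list rejects malformed values before the database is touched, and the bound parameter guarantees that even a value which slips past validation in a future code change cannot alter the query's structure.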

Potential Impact

For European organizations using WebERP 4.15.2, this vulnerability poses a risk of unauthorized data disclosure and potential data integrity compromise. Since ERP systems often contain sensitive financial, customer, and operational data, exploitation could lead to leakage of confidential business information, impacting compliance with data protection regulations such as GDPR. The limited impact on availability reduces the risk of operational disruption but does not eliminate the risk of reputational damage or regulatory penalties. Organizations in sectors relying heavily on ERP systems for financial reporting, supply chain management, or customer data management could face targeted exploitation attempts, especially if the system is accessible locally or within internal networks. The requirement for local access reduces the risk from remote attackers but increases the threat from insider threats or attackers who have gained initial footholds within the network.

Mitigation Recommendations

European organizations should implement the following specific mitigations:

1) Immediately audit all WebERP installations to identify instances running version 4.15.2 and restrict access to the /reportwriter/admin/ReportCreator.php endpoint to trusted administrators only, preferably via network segmentation and access control lists.

2) Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the ReportID and ReplaceReportID parameters.

3) Monitor logs for unusual or malformed POST requests to the vulnerable endpoint to detect potential exploitation attempts.

4) Since no official patch is currently available, consider applying temporary code-level mitigations such as input validation and parameterized queries for the affected parameters if source code access and development resources are available.

5) Educate internal users and administrators about the risk of local exploitation and enforce strict privilege management to minimize the number of users with access to vulnerable components.

6) Plan for timely patching once an official fix is released and incorporate this vulnerability into vulnerability management and incident response processes.
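Recommendations 1 and 3 above (restrict the endpoint to trusted administrators, watch for unusual POST activity against it) can be checked against web-server access logs. The following is an added example, not a tool from the advisory or from the WebERP project. It assumes a combined-format access log, a constructed administrator source allowlist of 10.0.5.10, and a constructed burst threshold of five POSTs per source; the log lines themselves are constructed sample data.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Endpoint named in the advisory.
TARGET_PATH = "/reportwriter/admin/ReportCreator.php"
# Constructed assumption: the only source from which administrators legitimately
# use the report writer. In practice this comes from your network inventory.
ADMIN_ALLOWLIST = {"10.0.5.10"}
# Constructed assumption: more POSTs than this from one source in the scanned
# window is treated as suspicious (the report writer is not a high-volume page).
BURST_THRESHOLD = 5

# Apache/Nginx combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log: one admin session and a run of POSTs from an unexpected source.
SAMPLE_LOG = """\
10.0.5.10 - admin [16/May/2025:09:01:12 +0000] "POST /reportwriter/admin/ReportCreator.php HTTP/1.1" 200 5120
10.0.5.10 - admin [16/May/2025:09:03:40 +0000] "GET /reportwriter/admin/ReportCreator.php HTTP/1.1" 200 4096
192.168.77.23 - - [16/May/2025:09:10:02 +0000] "POST /reportwriter/admin/ReportCreator.php HTTP/1.1" 200 7788
192.168.77.23 - - [16/May/2025:09:10:03 +0000] "POST /reportwriter/admin/ReportCreator.php HTTP/1.1" 500 312
192.168.77.23 - - [16/May/2025:09:10:05 +0000] "POST /reportwriter/admin/ReportCreator.php HTTP/1.1" 200 7790
192.168.77.23 - - [16/May/2025:09:10:06 +0000] "POST /reportwriter/admin/ReportCreator.php HTTP/1.1" 200 7791
192.168.77.23 - - [16/May/2025:09:10:08 +0000] "POST /reportwriter/admin/ReportCreator.php HTTP/1.1" 500 312
10.0.5.10 - admin [16/May/2025:09:20:00 +0000] "GET /index.php HTTP/1.1" 200 1500
203.0.113.8 - - [16/May/2025:09:25:41 +0000] "POST /reportwriter/admin/ReportCreator.php?debug=1 HTTP/1.1" 403 199
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_access_log(log_text: str) -> List[dict]:
    """Flag POSTs to the report-writer endpoint that come from outside the admin
    allowlist, that end in a server error (a common side effect of malformed SQL),
    or that arrive in a burst from one source."""
    findings: List[dict] = []
    posts_per_ip: Counter = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if rec["method"] != "POST" or path != TARGET_PATH:
            continue
        posts_per_ip[rec["ip"]] += 1
        if rec["ip"] not in ADMIN_ALLOWLIST:
            findings.append({"rule": "post_from_unexpected_source", "ip": rec["ip"], "ts": rec["ts"]})
        if rec["status"].startswith("5"):
            findings.append({"rule": "server_error_on_post", "ip": rec["ip"], "ts": rec["ts"]})
    for ip, count in posts_per_ip.items():
        if count >= BURST_THRESHOLD:
            findings.append({"rule": "post_burst", "ip": ip, "count": count})
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Count findings per rule, for a quick triage view."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    results = scan_access_log(SAMPLE_LOG)
    for f in results:
        print(f)
    print(summarize(results))
```

Access logs do not carry POST bodies, so this check cannot see the injected parameters themselves; it is a source-and-behaviour check that complements a WAF rule on the request body (recommendation 2) rather than replacing it. Persistent server errors on this endpoint from a non-admin source are worth treating as a possible exploitation attempt and correlating with database error logs.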


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f81484d88663aeb501

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 7/11/2025, 4:50:04 PM

Last updated: 7/31/2025, 3:29:42 AM

Views: 14
