CVE-2025-4725 is a critical SQL Injection vulnerability identified in the itsourcecode Placement Management System version 1.0. The vulnerability resides in the /view_drive.php file, specifically in the handling of the 'ID' parameter. An attacker can remotely manipulate this parameter without any authentication or user interaction to inject malicious SQL code. This injection can allow unauthorized access to the backend database, potentially leading to unauthorized data disclosure, data modification, or even deletion. The vulnerability is exploitable over the network (AV:N), requires low attack complexity (AC:L), and does not require privileges or user interaction (PR:N/UI:N). The impact on confidentiality, integrity, and availability is low to medium (VC:L/VI:L/VA:L), indicating that while the attacker can cause some damage, it may be limited by the system's architecture or database permissions. The CVSS 4.0 base score is 6.9, categorized as medium severity. No official patches have been released yet, and no known exploits are reported in the wild, though the exploit details have been publicly disclosed, increasing the risk of exploitation. The vulnerability affects only version 1.0 of the product, which is a specialized Placement Management System, likely used by educational institutions or recruitment agencies to manage placement drives and candidate data. Given the nature of the system, the data at risk may include personal information of candidates, placement details, and organizational data, which could be sensitive and subject to data protection regulations.

For European organizations, especially educational institutions and recruitment agencies using the itsourcecode Placement Management System 1.0, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to personal data of candidates and employees, violating GDPR and other privacy regulations, potentially resulting in legal penalties and reputational damage. Data integrity could be compromised, affecting the accuracy of placement records and organizational decision-making. Availability impacts, while rated low to medium, could disrupt placement operations if the database is manipulated or corrupted. The remote and unauthenticated nature of the attack increases the risk of widespread exploitation if the system is exposed to the internet without adequate protections. Additionally, the public disclosure of the exploit details may lead to opportunistic attacks by cybercriminals targeting vulnerable installations across Europe.

Organizations should immediately audit their deployment of the itsourcecode Placement Management System to identify any instances of version 1.0. Since no official patch is currently available, mitigation should focus on implementing web application firewalls (WAFs) with specific rules to detect and block SQL injection attempts targeting the 'ID' parameter in /view_drive.php. Input validation and parameterized queries should be enforced at the application level if source code access is available. Network segmentation and restricting access to the Placement Management System to trusted internal networks can reduce exposure. Monitoring and logging of database queries and web requests should be enhanced to detect suspicious activity. Organizations should also prepare for patch deployment once available and consider alternative solutions if immediate patching is not feasible. Regular backups of the database should be maintained to enable recovery in case of data corruption or deletion.