CVE-2025-4863 is a SQL Injection vulnerability identified in Advaya Softech's GEMS ERP Portal version 2.1. The vulnerability resides in the /studentLogin/studentLogin.action endpoint, specifically in the handling of the userId parameter. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access to the backend database. The vulnerability is classified as medium severity with a CVSS 4.0 score of 5.3, reflecting moderate impact and exploitability. The attack vector is network-based with low attack complexity and no user interaction required, but it requires low privileges (PR:L), indicating that some level of authentication or access might be necessary. The vulnerability impacts confidentiality, integrity, and availability to a limited extent (VC:L, VI:L, VA:L), meaning that while exploitation can lead to data leakage, modification, or disruption, the scope and severity of these impacts are limited. No public exploits are currently known in the wild, but the exploit details have been disclosed publicly, increasing the risk of future exploitation. No patches or fixes have been linked yet, so affected organizations must rely on mitigation strategies until an official update is available.

For European organizations using the Advaya Softech GEMS ERP Portal 2.1, this vulnerability poses a significant risk to the security of sensitive data managed within the ERP system, particularly student-related information given the affected endpoint. Successful exploitation could lead to unauthorized data access, data manipulation, or service disruption, potentially violating data protection regulations such as GDPR. The medium severity rating suggests that while the threat is not critical, it is serious enough to warrant immediate attention, especially in sectors like education and administration where ERP systems are integral. The remote exploitability without user interaction increases the risk of automated attacks or targeted intrusions. Organizations may face reputational damage, regulatory fines, and operational disruptions if this vulnerability is exploited.

1. Immediate mitigation should include implementing Web Application Firewall (WAF) rules specifically designed to detect and block SQL injection attempts targeting the userId parameter in the /studentLogin/studentLogin.action endpoint. 2. Conduct a thorough code review and input validation enhancement for all user-supplied inputs, especially the userId parameter, to enforce strict type and format checks. 3. Employ parameterized queries or prepared statements in the backend database interactions to prevent SQL injection. 4. Monitor logs for unusual database query patterns or repeated failed login attempts that may indicate exploitation attempts. 5. Restrict access to the vulnerable endpoint by IP whitelisting or VPN access where feasible to reduce exposure. 6. Engage with Advaya Softech for timely patches or updates and plan for rapid deployment once available. 7. Educate IT and security teams about this vulnerability and ensure incident response plans include scenarios involving SQL injection attacks on ERP systems.