CVE-2025-5297: Stack-based Buffer Overflow in SourceCodester Computer Store System

Severity: Medium
Tags: Vulnerability, CVE-2025-5297, cve, cve-2025-5297
Published: Wed May 28 2025 (05/28/2025, 11:31:05 UTC)
Source: CVE Database V5
Vendor/Project: SourceCodester
Product: Computer Store System

Description

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/06/2025, 01:42:12 UTC

Technical Analysis

CVE-2025-5297 is a stack-based buffer overflow vulnerability identified in version 1.0 of the SourceCodester Computer Store System, specifically within the 'Add' function of the main.c source file. The vulnerability arises due to improper handling and validation of input parameters related to laptopcompany, RAM, and Processor fields. When these arguments are manipulated, they can cause a buffer overflow on the stack, potentially overwriting adjacent memory regions. This type of vulnerability can lead to unpredictable behavior including application crashes, data corruption, or execution of arbitrary code.

However, exploitation requires local access with at least low privileges (PR:L), meaning an attacker must have some level of authenticated access to the system to trigger the vulnerability. No user interaction is needed once local access is obtained. The CVSS 4.0 base score is 4.8, categorized as medium severity, reflecting limited impact due to the local attack vector and the requirement for privileges. The vulnerability does not affect confidentiality, integrity, or availability to a high degree, as indicated by the low impact metrics in the CVSS vector. No public exploits are currently known in the wild, and no patches have been linked yet.

The presence of this vulnerability in a commercial or internal computer store management system could allow an insider or a compromised user to escalate privileges or execute arbitrary code locally, potentially leading to further compromise of the system or data leakage if combined with other vulnerabilities or misconfigurations.

Potential Impact

For European organizations using the SourceCodester Computer Store System 1.0, this vulnerability presents a moderate risk primarily in environments where local access is possible by untrusted or semi-trusted users. The impact is limited by the need for local privileges, so remote attackers cannot exploit this directly. However, in retail or inventory management contexts where multiple employees or contractors have access to the system, an attacker could leverage this flaw to escalate privileges or execute arbitrary code, potentially leading to unauthorized data access or disruption of store operations. Given the nature of the system, sensitive customer or inventory data could be exposed or manipulated. The medium severity rating suggests that while this is not an immediate critical threat, it should be addressed promptly to prevent potential lateral movement or privilege escalation within the network. European organizations with strict data protection regulations (e.g., GDPR) must consider the risk of data breaches resulting from exploitation of this vulnerability, which could lead to regulatory penalties and reputational damage.

Mitigation Recommendations

1. Immediate mitigation should include restricting local access to the affected system to only trusted and necessary personnel, minimizing the attack surface.
2. Implement strict user privilege management to ensure users have only the minimum required permissions, reducing the risk of exploitation by low-privilege users.
3. Conduct a thorough code review and apply secure coding practices to the 'Add' function and related input handling routines to prevent buffer overflows.
4. Develop and deploy a patch that properly validates and bounds-checks input parameters for laptopcompany, RAM, and Processor fields before processing.
5. Employ runtime protections such as stack canaries, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP) on the host systems to mitigate exploitation impact.
6. Monitor local system logs for unusual activity or crashes that could indicate attempted exploitation.
7. Consider network segmentation to isolate the computer store system from broader enterprise networks, limiting lateral movement in case of compromise.
8. Educate staff about the risks of local exploitation and enforce policies against unauthorized software or script execution on these systems.
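One way to implement the bounds-checking called for in recommendation 4, as an added example that is not SourceCodester's code or a vendor patch. The record layout, field sizes and function names are assumptions, since the advisory names only the fields.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record: the advisory names the fields, not their sizes. */
struct laptop { char company[32]; char ram[16]; char processor[32]; };
enum { FIELD_OK = 0, FIELD_EOF = -1, FIELD_TOO_LONG = -2 };

/* Read one line into dst, never writing more than dstsz bytes. Overlong
 * input is rejected and the rest of the line drained, so the excess is
 * not consumed as the next field. */
int read_field(FILE *in, char *dst, size_t dstsz)
{
    int c, extra = 0;
    size_t len;
    if (dstsz < 2 || fgets(dst, (int)dstsz, in) == NULL)
        return FIELD_EOF;
    len = strcspn(dst, "\n");
    if (dst[len] != '\n')   /* buffer full or EOF: inspect the tail */
        while ((c = getc(in)) != '\n' && c != EOF)
            extra = 1;
    dst[len] = '\0';
    return extra ? FIELD_TOO_LONG : FIELD_OK;
}

/* Bounded Add-style input: every field must fit or the record is cleared. */
int add_laptop(FILE *in, struct laptop *out)
{
    int rc;
    if ((rc = read_field(in, out->company, sizeof out->company)) == FIELD_OK &&
        (rc = read_field(in, out->ram, sizeof out->ram)) == FIELD_OK)
        rc = read_field(in, out->processor, sizeof out->processor);
    if (rc != FIELD_OK)
        memset(out, 0, sizeof *out);
    return rc;
}

/* Runs add_laptop() over constructed input held in a temporary file. */
int add_from_string(const char *text, struct laptop *out)
{
    FILE *f = tmpfile();
    int rc;
    if (f == NULL)
        return FIELD_EOF;
    fputs(text, f);
    rewind(f);
    rc = add_laptop(f, out);
    fclose(f);
    return rc;
}
```

In a program, call `add_laptop(stdin, &rec)` and re-prompt on `FIELD_TOO_LONG` rather than storing a truncated value.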

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-05-28T06:16:20.375Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6837017a182aa0cae247946d

Added to database: 5/28/2025, 12:28:42 PM

Last enriched: 7/6/2025, 1:42:12 AM

Last updated: 8/12/2025, 10:58:17 AM
