CVE-2025-53122 is a medium-severity SQL Injection vulnerability (CWE-89) identified in The OpenNMS Group's Horizon and Meridian network management applications. The flaw arises from improper neutralization of special elements in SQL commands, allowing an attacker with low privileges (PR:L) and network access (AV:A) to inject malicious SQL code without requiring user interaction or authentication. The vulnerability affects versions Horizon 33.0.8 and earlier, and Meridian 25.2.1 and earlier. Exploitation could lead to high confidentiality impact, as attackers may extract sensitive data from the backend database. However, integrity and availability impacts are rated none, indicating limited or no ability to modify or disrupt data or services. The vulnerability is exploitable only within an organization's private network, as the software is intended not to be exposed directly to the Internet. The CVSS 4.0 vector (AV:A/AC:L/PR:L/UI:N/VC:H/VI:N/VA:N) reflects these conditions. No known exploits are currently reported in the wild. Users are advised to upgrade to Meridian 2024.2.6 or Horizon 33.16 or newer to remediate the issue. The vulnerability underscores the importance of secure coding practices in network management tools that often hold critical infrastructure data and configurations.

For European organizations, this vulnerability poses a significant risk primarily to internal network security. OpenNMS Horizon and Meridian are used for network monitoring and management, often holding sensitive operational data and configuration details. Successful exploitation could lead to unauthorized data disclosure, potentially exposing network topology, device credentials, or other sensitive information. This could facilitate further lateral movement or targeted attacks within the network. Although the vulnerability does not directly impact availability or integrity, the confidentiality breach alone can have severe consequences, including compliance violations under GDPR if personal or sensitive data is exposed. Since the software is intended for private network deployment, the risk is heightened if internal network segmentation or access controls are weak. European organizations with complex network infrastructures relying on OpenNMS products must consider this vulnerability critical to their internal security posture.

1. Immediate upgrade to Meridian 2024.2.6 or Horizon 33.16 or later versions as recommended by the vendor to ensure the vulnerability is patched. 2. Restrict network access to OpenNMS management interfaces strictly to trusted administrative hosts and segments using firewall rules and network segmentation to minimize exposure. 3. Implement strong internal access controls and monitoring to detect anomalous queries or access patterns that may indicate exploitation attempts. 4. Conduct regular code audits and penetration testing focusing on SQL injection vectors within custom or third-party network management tools. 5. Employ database-level protections such as least privilege principles for the OpenNMS database user accounts to limit data exposure in case of injection. 6. Use Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) tuned to detect SQL injection patterns within internal network traffic. 7. Educate network and security teams about the risks of internal-facing vulnerabilities and the importance of patch management even for non-internet-facing systems.