The vulnerability CVE-2025-54726 exists in the JS Archive List jquery-archive-list-widget by Miguel Useche, where improper neutralization of special elements in SQL commands leads to SQL Injection. This affects all versions prior to 6.1.6. The CVSS 3.1 base score is 9.3, reflecting a critical severity with network attack vector, no privileges or user interaction required, and a scope change with high confidentiality impact and low availability impact. No patch or official fix information is currently available, and no exploits have been observed in the wild.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized disclosure of sensitive data (confidentiality impact is high) and limited disruption of service (availability impact is low). Integrity impact is not indicated. The vulnerability is exploitable remotely without user interaction or privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider restricting access to the affected component and applying any available workarounds recommended by the vendor. Monitor official channels for updates and apply patches promptly once released.