
CVE-2025-55472: n/a

Medium
Published: Tue Sep 02 2025 (09/02/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns[0][data] parameter, which is directly used in SQL queries without proper validation or parameterization.

AI-Powered Analysis

Last updated: 09/02/2025, 17:17:43 UTC

Technical Analysis

CVE-2025-55472 is a SQL Injection vulnerability identified in Tirreno version 0.9.5, specifically targeting the /admin/loadUsers API endpoint. The vulnerability stems from improper handling of user-supplied input in the columns[0][data] parameter. This parameter is directly incorporated into SQL queries without adequate validation or the use of parameterized queries, allowing an attacker to inject malicious SQL code. Exploiting this flaw could enable an attacker to manipulate backend database queries, potentially leading to unauthorized data access, data modification, or even deletion. Since the vulnerability resides in an administrative API endpoint, successful exploitation likely requires some level of authentication or access to the admin interface, although the exact authentication requirements are not specified. No patches or fixes have been published yet, and there are no known exploits in the wild at this time. The absence of a CVSS score indicates that the vulnerability is newly disclosed and has not yet undergone formal severity assessment. However, SQL Injection vulnerabilities are generally considered critical due to their potential to compromise confidentiality, integrity, and availability of data. Tirreno appears to be a software product with an administrative backend, and the vulnerability’s presence in a core API endpoint suggests a significant security risk if left unmitigated.

Potential Impact

For European organizations using Tirreno v0.9.5, this vulnerability poses a substantial risk. Exploitation could lead to unauthorized access to sensitive user data, including personally identifiable information (PII), which would have serious compliance implications under GDPR and other data protection regulations. Data integrity could be compromised, affecting business operations and trustworthiness of the system. Additionally, attackers might leverage this vulnerability to escalate privileges or pivot within the network, increasing the scope of potential damage. The administrative nature of the affected endpoint means that organizations with exposed or weakly protected admin interfaces are at higher risk. The lack of known exploits currently reduces immediate threat but does not eliminate the risk, as attackers often develop exploits rapidly after public disclosure. European organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on Tirreno or similar software for user management should be particularly vigilant.

Mitigation Recommendations

Immediate mitigation steps include restricting access to the /admin/loadUsers API endpoint to trusted administrators only, ideally via network segmentation and strong authentication mechanisms such as multi-factor authentication (MFA). Organizations should implement Web Application Firewalls (WAFs) with rules designed to detect and block SQL Injection attempts targeting this endpoint. Until an official patch is released, code-level mitigations such as input validation and sanitization should be applied if source code access is available. Monitoring and logging of API access should be enhanced to detect anomalous activities indicative of exploitation attempts. Organizations should also conduct thorough security assessments and penetration tests focusing on the admin interfaces. Finally, maintaining up-to-date backups and having an incident response plan ready will help mitigate potential damage if exploitation occurs.
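The code-level mitigation above deserves one concrete illustration, because a parameter shaped like columns[0][data] (the DataTables request convention) normally carries a column identifier used for sorting or selection, and an identifier cannot be bound as a prepared-statement parameter; the fix is an allowlist of permitted column names, with any remaining values bound. The following is an added example written for this page, not Tirreno's code, and the assumption that the parameter selects a sort column is an assumption about the general pattern, not a statement about Tirreno's implementation. The table, rows and function names are constructed for the example.

```python
import re
import sqlite3

# Constructed sample table standing in for an admin-side user listing (not Tirreno's schema).
SCHEMA = "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, created_at TEXT)"
ROWS = [
    (1, "a@example.test", "2025-01-03"),
    (2, "b@example.test", "2025-01-01"),
    (3, "c@example.test", "2025-01-02"),
]

# The only identifiers the endpoint is ever allowed to place into SQL.
ALLOWED_COLUMNS = ("id", "email", "created_at")

# Matches DataTables-style keys such as columns[0][data], columns[7][data].
COLUMN_KEY = re.compile(r"^columns\[(\d+)\]\[data\]$")


def make_db():
    """In-memory database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def requested_columns(params):
    """Collect every columns[i][data] value from a parsed query string, in index order."""
    found = {}
    for key, value in params.items():
        m = COLUMN_KEY.match(key)
        if m:
            found[int(m.group(1))] = value
    return [found[i] for i in sorted(found)]


def column_param_is_valid(params):
    """Pure check, reusable in a request filter: True only when at least one
    columns[i][data] value is present and every one is an allowlisted column name."""
    cols = requested_columns(params)
    return bool(cols) and all(c in ALLOWED_COLUMNS for c in cols)


def load_users_vulnerable(conn, params):
    """The defect pattern the advisory describes: a client-chosen identifier is
    interpolated into the statement with no validation, so whatever the client
    sends is handed to the SQL engine as part of the query text."""
    sort_col = requested_columns(params)[0]
    sql = f"SELECT id, email FROM users ORDER BY {sort_col}"
    return conn.execute(sql).fetchall()


def load_users_hardened(conn, params, limit=50):
    """Hardened form: the identifier must match the allowlist exactly (so escaping
    is never attempted), and the only client-influenced value, the row limit, is bound."""
    if not column_param_is_valid(params):
        raise ValueError("columns[i][data] must name an allowlisted column")
    sort_col = requested_columns(params)[0]
    sql = f'SELECT id, email FROM users ORDER BY "{sort_col}" LIMIT ?'
    return conn.execute(sql, (limit,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(load_users_hardened(db, {"columns[0][data]": "created_at"}))
    print(column_param_is_valid({"columns[0][data]": "created_at DESC"}))  # False
```

The allowlist check is deliberately an exact-membership test rather than a character filter: anything that is not literally one of the known column names is rejected, which covers modifiers, separators and encodings alike without the endpoint having to reason about SQL syntax. The same `column_param_is_valid` predicate can sit in front of the handler as a request-level rule, which is the check a WAF rule for this endpoint should approximate.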


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-13T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68b72337ad5a09ad00e5b3ac

Added to database: 9/2/2025, 5:02:47 PM

Last enriched: 9/2/2025, 5:17:43 PM

Last updated: 9/2/2025, 8:02:48 PM

