CVE-2025-55703: n/a
CVE-2025-55703 is an error-based SQL injection vulnerability in the Sunbird Power IQ 9.2.0 API caused by improper input validation on an outdated API endpoint. The flaw allows a low-privileged, authenticated attacker, with user interaction required, to manipulate SQL queries and potentially expose limited confidential data. The vulnerability has a low CVSS score of 2.5 because of high attack complexity, limited impact on confidentiality, and the need for authentication and user interaction. It was fixed in version 9.2.1 by updating the API call code to safely handle input arrays. No known exploits are currently reported in the wild.
AI Analysis
Technical Summary
CVE-2025-55703 identifies an error-based SQL injection vulnerability in the Sunbird Power IQ 9.2.0 API. The root cause is an outdated API endpoint that improperly processes input arrays without adequate validation, enabling attackers to inject malicious SQL code. This vulnerability falls under CWE-89, indicating classic SQL injection issues. Exploitation requires low privileges and user interaction, with a high attack complexity, limiting the ease of exploitation. The vulnerability affects the confidentiality of data to a limited extent, with no direct impact on integrity or availability. The scope is confined to systems running the vulnerable API version. The issue was addressed in Power IQ 9.2.1 by revising the API call implementation to ensure safe input handling, effectively mitigating the injection risk. No public exploits or active exploitation campaigns have been reported, suggesting limited current threat activity. However, the presence of this vulnerability in critical monitoring and management software like Power IQ could pose risks if left unpatched, especially in environments where API access is exposed or insufficiently controlled.
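The advisory describes the root cause only in general terms (an endpoint that pastes an input array into a query and, on malformed input, lets the database error surface). The following added example, which is not Power IQ's code and uses a hypothetical `devices` table and function names, shows the general pattern: an unsafe handler whose database error echoes attacker-controlled text back, beside a handler that validates the array, binds every element as a parameter, caps the array length, and maps all failures to generic responses.

```python
import sqlite3
from typing import Any, Optional, Sequence

# Constructed in-memory inventory table; not Power IQ's schema.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, rack TEXT)")
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [(1, "pdu-a", "rack-1"), (2, "pdu-b", "rack-2"), (3, "ups-c", "rack-3")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, ids: Sequence[Any]) -> list:
    # Anti-pattern: each array element is interpolated into the SQL text, so a
    # non-numeric element is parsed as SQL. The database error that results
    # carries the element back to the caller, which is the error-based leak.
    sql = "SELECT name FROM devices WHERE id IN (%s) ORDER BY id" % ",".join(
        str(i) for i in ids
    )
    return [row[0] for row in conn.execute(sql)]


def unsafe_error_text(conn: sqlite3.Connection, ids: Sequence[Any]) -> Optional[str]:
    # Helper that captures what the unsafe handler would have exposed.
    try:
        lookup_unsafe(conn, ids)
        return None
    except sqlite3.Error as exc:
        return str(exc)


MAX_IDS = 500  # upper bound on the IN list; SQLite also caps host parameters


def lookup_safe(conn: sqlite3.Connection, ids: Any) -> list:
    # Validate the shape and element type before the database sees anything,
    # then bind each element with a placeholder instead of string formatting.
    if not isinstance(ids, (list, tuple)):
        raise ValueError("ids must be an array")
    if len(ids) == 0 or len(ids) > MAX_IDS:
        raise ValueError("ids must contain between 1 and %d elements" % MAX_IDS)
    if not all(isinstance(i, int) and not isinstance(i, bool) for i in ids):
        raise ValueError("ids must be integers")
    placeholders = ",".join("?" for _ in ids)
    sql = f"SELECT name FROM devices WHERE id IN ({placeholders}) ORDER BY id"
    return [row[0] for row in conn.execute(sql, tuple(ids))]


def api_handler(conn: sqlite3.Connection, ids: Any) -> tuple:
    # Hypothetical endpoint wrapper: validation failures become a generic 400 and
    # database errors a generic 500, so no query or driver text reaches the client.
    try:
        return 200, {"names": lookup_safe(conn, ids)}
    except ValueError:
        return 400, {"error": "invalid request"}
    except sqlite3.Error:
        return 500, {"error": "internal error"}


if __name__ == "__main__":
    db = make_db()
    print(api_handler(db, [1, 3]))
    print(api_handler(db, ["abc"]))
    print("unsafe handler leaks:", unsafe_error_text(db, ["abc"]))
```

The type check rejects booleans explicitly because `bool` is a subclass of `int` in Python; the length cap matters because parameter binding alone does not stop a caller from sending an array large enough to exceed the driver's host-parameter limit and trigger a different error path.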
Potential Impact
For European organizations, the primary impact of this vulnerability is the potential exposure of limited confidential information through manipulated SQL queries. Although the CVSS score is low, organizations using Sunbird Power IQ 9.2.0 in critical infrastructure or data center environments could face increased risk if attackers gain access to the vulnerable API endpoint. The requirement for authentication and user interaction reduces the likelihood of widespread exploitation but does not eliminate targeted attacks. Compromise could lead to unauthorized data disclosure, which may violate data protection regulations such as GDPR. Additionally, attackers might leverage this vulnerability as a foothold for further attacks if combined with other weaknesses. The limited impact on integrity and availability means operational disruption is unlikely, but confidentiality breaches remain a concern. Organizations relying on Power IQ for energy or data center management should assess their exposure and prioritize remediation to maintain compliance and security posture.
Mitigation Recommendations
European organizations should immediately upgrade Sunbird Power IQ installations from version 9.2.0 to 9.2.1 or later to apply the official fix. In addition, they should audit and restrict API access to trusted users and systems, implementing strict authentication and authorization controls. Employing Web Application Firewalls (WAFs) with SQL injection detection rules can provide an additional defensive layer. Regularly review API logs for unusual or suspicious activity indicative of injection attempts. Conduct security training to ensure users understand the risks of interacting with untrusted inputs. Network segmentation should be applied to isolate management interfaces from general user networks. Finally, integrate vulnerability scanning and penetration testing focused on API endpoints to proactively identify and remediate similar issues before exploitation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-08-13T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 694068d4d9bcdf3f3dfeb541
Added to database: 12/15/2025, 8:00:20 PM
Last enriched: 12/22/2025, 8:40:49 PM
Last updated: 2/7/2026, 9:13:16 AM
Views: 69