CVE-2025-55703: n/a
CVE-2025-55703 is an error-based SQL injection vulnerability in the Sunbird Power IQ 9.2.0 API caused by improper input validation on an outdated API endpoint that accepts arrays. This flaw allows attackers with low privileges and requiring user interaction to manipulate SQL queries, potentially affecting data confidentiality. The vulnerability has a low CVSS score of 2.5 due to high attack complexity, limited impact, and required authentication and user interaction. It was fixed in version 9.2.1 by updating the API call code to safely handle inputs. No known exploits are currently reported in the wild.
AI Analysis
Technical Summary
CVE-2025-55703 identifies an error-based SQL injection vulnerability in the Sunbird Power IQ 9.2.0 API. The root cause is an outdated API endpoint that accepts array-valued input without sufficient validation, allowing an attacker to inject SQL into the query built from that input. This vulnerability falls under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). Exploitation requires low privileges (an authenticated user) and user interaction, and has high attack complexity, which limits the ease of exploitation. The vulnerability affects data confidentiality: manipulated SQL queries could extract sensitive information from the backend database. It does not directly impact integrity or availability. The vendor addressed the issue in Power IQ version 9.2.1 by updating the API call code to ensure safe handling and validation of input values, effectively mitigating the risk. No public exploits or active exploitation campaigns have been reported to date. The CVSS v3.1 base score is 2.5, reflecting the limited scope and the complexity of the attack. Power IQ is widely used in data center infrastructure management and energy monitoring, so the vulnerability is relevant to organizations that rely on these systems.
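The class of fix described above, as an added illustration that is not Power IQ's code and assumes nothing about its real schema or language: an API handler that takes an array of IDs, rejects anything but plain integers, binds one placeholder per element instead of splicing values into the statement, and keeps the database error server-side (the error text is what error-based injection relies on). The table and rows are constructed for the example.

```python
import logging
import sqlite3

log = logging.getLogger("api")


def build_sample_db():
    """Constructed in-memory table standing in for a device inventory (assumed schema, not Power IQ's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pdu (id INTEGER PRIMARY KEY, name TEXT, location TEXT)")
    conn.executemany(
        "INSERT INTO pdu VALUES (?, ?, ?)",
        [(1, "pdu-a1", "row 1"), (2, "pdu-a2", "row 1"), (3, "pdu-b1", "row 2")],
    )
    return conn


def lookup_pdus(conn, ids):
    """Handle an array parameter safely: validate every element, bind one placeholder
    per element instead of splicing values into SQL, and keep database errors internal."""
    # Reject anything that is not a non-empty, bounded list; unbounded arrays also invite DoS.
    if not isinstance(ids, (list, tuple)) or not ids or len(ids) > 100:
        return {"error": "invalid request"}
    clean = []
    for item in ids:
        # Only plain non-negative integers pass; bool is an int subclass and is excluded.
        if isinstance(item, bool) or not isinstance(item, int) or item < 0:
            return {"error": "invalid request"}
        clean.append(item)
    # The only text interpolated into the statement is a run of "?" markers.
    placeholders = ",".join("?" * len(clean))
    sql = f"SELECT id, name, location FROM pdu WHERE id IN ({placeholders}) ORDER BY id"
    try:
        rows = conn.execute(sql, clean).fetchall()
    except sqlite3.Error as exc:
        # Record the real error for monitoring/alerting, but return a generic message:
        # raw database error text is the oracle that error-based injection depends on.
        log.error("database error in lookup_pdus: %s", exc)
        return {"error": "internal error"}
    return {"results": [{"id": r[0], "name": r[1], "location": r[2]} for r in rows]}
```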
Potential Impact
For European organizations, the primary impact of CVE-2025-55703 is the potential unauthorized disclosure of sensitive data managed by Power IQ 9.2.0 systems. Since Power IQ is commonly deployed in data centers and facilities management, exploitation could expose operational data, energy usage statistics, or configuration details, which may aid further attacks or industrial espionage. The low severity and high attack complexity reduce the likelihood of widespread exploitation; however, organizations with critical infrastructure or sensitive operational data should consider the risk significant. The requirement for authenticated access and user interaction limits remote exploitation but does not eliminate insider threat or targeted attack scenarios. Failure to patch could lead to compliance issues under GDPR if personal or sensitive data is exposed. Overall, the impact is moderate but warrants timely remediation to prevent potential data leaks and maintain operational security.
Mitigation Recommendations
European organizations using Sunbird Power IQ 9.2.0 should immediately plan and execute an upgrade to version 9.2.1 or later, where the vulnerability is fixed. In addition to patching, organizations should audit API usage logs to detect any anomalous or unauthorized API calls that might indicate attempted exploitation. Implement strict access controls and multi-factor authentication for users accessing the Power IQ API to reduce the risk of credential compromise. Conduct regular input validation reviews and penetration testing focused on API endpoints to identify similar vulnerabilities proactively. Network segmentation should be applied to isolate management interfaces from general user networks, limiting exposure. Finally, ensure that security monitoring tools are configured to alert on suspicious SQL errors or injection patterns within application logs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-08-13T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 694068d4d9bcdf3f3dfeb541
Added to database: 12/15/2025, 8:00:20 PM
Last enriched: 12/15/2025, 8:15:42 PM
Last updated: 12/16/2025, 3:53:06 AM