CVE-2025-5613 is a SQL Injection vulnerability identified in version 1.2 of the PHPGurukul Online Fire Reporting System. The vulnerability arises from improper handling of the 'requestid' parameter in the /request-details.php file, allowing an attacker to manipulate this input to inject malicious SQL code. This flaw enables remote attackers to execute arbitrary SQL queries on the backend database without requiring authentication or user interaction. The vulnerability is classified as medium severity with a CVSS 4.0 base score of 5.3, reflecting a network attack vector with low complexity and no privileges or user interaction needed. The impact on confidentiality, integrity, and availability is limited but present, as the exploit could allow attackers to read, modify, or delete data related to fire incident reports. Although no public exploits are currently known in the wild, the disclosure of the vulnerability means that exploitation is feasible. The lack of available patches or mitigation guidance from the vendor increases the risk for organizations using this software. Given the critical nature of fire reporting systems in emergency response workflows, exploitation could disrupt incident management or leak sensitive information about fire incidents and responders. The vulnerability affects only version 1.2 of the product, and the exact database backend is unspecified, but the injection vector suggests standard SQL databases are targeted. Organizations using this system should consider this vulnerability a priority for remediation to prevent unauthorized data access or manipulation.

For European organizations, the impact of this vulnerability could be significant, especially for municipal or regional emergency services relying on the PHPGurukul Online Fire Reporting System for managing fire incident data. Successful exploitation could lead to unauthorized disclosure of sensitive incident details, potentially compromising responder safety or public information. Data integrity could be undermined, causing inaccurate reporting or loss of critical incident records, which may delay emergency response or lead to regulatory non-compliance. Availability impact is less severe but possible if attackers manipulate database queries to cause service disruptions. Given the public safety context, even medium-severity vulnerabilities warrant urgent attention. The risk is heightened in countries where this software is deployed in critical infrastructure or government agencies. Additionally, data protection regulations such as GDPR impose strict requirements on safeguarding personal and incident data, so breaches could result in legal and financial penalties. The absence of known exploits in the wild provides a window for proactive mitigation, but the public disclosure increases the likelihood of future attacks targeting European entities.

Specific mitigation steps include: 1) Immediate audit of all PHPGurukul Online Fire Reporting System deployments to identify affected version 1.2 instances. 2) If possible, upgrade to a patched or newer version once available from the vendor. In the absence of an official patch, implement input validation and parameterized queries or prepared statements for the 'requestid' parameter to prevent injection. 3) Employ web application firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting /request-details.php. 4) Restrict database user permissions to the minimum necessary to limit the impact of potential injection attacks. 5) Monitor logs for suspicious query patterns or repeated access attempts to the vulnerable endpoint. 6) Conduct penetration testing focused on SQL injection vectors to verify the effectiveness of mitigations. 7) Educate IT and security teams about this vulnerability and ensure incident response plans include steps for potential exploitation scenarios. 8) Consider network segmentation to isolate the fire reporting system from broader organizational networks to limit lateral movement in case of compromise.