CVE-2025-58972: Path Traversal: '.../...//' in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager
Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4.
AI Analysis
Technical Summary
CVE-2025-58972 is a path traversal vulnerability identified in the Barcode Scanner with Inventory & Order Manager software, developed by Dmitry V. (CEO of "UKR Solution"). The vulnerability arises from improper sanitization of file path inputs, specifically the sequence '.../...//', which allows attackers to traverse directories beyond the intended scope. This can enable an authenticated user with high privileges to access, modify, or delete arbitrary files on the host system. The affected product versions include all releases up to and including version 1.10.4. The CVSS v3.1 base score of 7.2 reflects the network attack vector (AV:N), low attack complexity (AC:L), requirement for high privileges (PR:H), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no exploits have been reported in the wild, the vulnerability poses significant risks in environments where this software manages critical inventory and order data. The flaw could be leveraged to exfiltrate sensitive information, disrupt inventory operations, or implant malicious files, potentially affecting supply chain integrity. The vulnerability was reserved in early September 2025 and published in November 2025, indicating recent discovery and disclosure. No official patches or mitigations have been linked yet, emphasizing the need for proactive defensive measures.
Potential Impact
For European organizations, this vulnerability could lead to severe operational and data security consequences. Inventory and order management systems are critical for retail, manufacturing, and logistics sectors, and exploitation could result in unauthorized data access, manipulation of inventory records, or denial of service. Confidential business information, customer data, and supply chain details could be exposed or corrupted, leading to financial losses and reputational damage. The requirement for high privileges means that insider threats or compromised administrative accounts pose the greatest risk. Disruption in inventory management could cascade into supply chain delays, affecting European markets and consumers. Given the interconnected nature of European supply chains, a successful attack could have broader economic implications, especially in countries with significant manufacturing and retail sectors.
Mitigation Recommendations
Organizations should immediately audit user privileges within the Barcode Scanner with Inventory & Order Manager application, ensuring that only trusted personnel have high-level access. Implement strict input validation and sanitization on file path parameters to prevent traversal sequences. Monitor logs for suspicious file access patterns indicative of traversal attempts. Network segmentation should isolate inventory management systems from broader corporate networks to limit lateral movement. Until official patches are released, consider deploying virtual patching via web application firewalls or endpoint protection tools that can detect and block path traversal payloads. Regular backups of inventory and order data should be maintained to enable recovery from potential data tampering. Engage with the vendor for timely updates and apply patches promptly once available. Additionally, conduct security awareness training for administrators to recognize and report anomalous system behavior.
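The '.../...//' sequence named in the title is the CWE-35 pattern: a filter that strips every '../' in a single pass turns '.../...//' into exactly '../', so a check has to be made on where the path resolves, not on the spelling of the input. The Python below is an added example, not code from the affected plugin or from this advisory. It places that one-pass filter beside a resolve-and-compare check of the kind the mitigation paragraph calls for, and adds the log check it recommends, run over constructed access-log lines. The storage root, the /app/export endpoint and its file parameter are placeholders, not names taken from the affected product.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Hypothetical storage root for the example; not a path from the plugin.
BASE_DIR = "/srv/inventory-app/uploads"


def naive_sanitize(user_path: str) -> str:
    """The filter style CWE-35 defeats: strip every "../" in one pass and trust the rest.

    Removing both "../" occurrences from ".../...//" leaves exactly "../".
    """
    return user_path.replace("../", "")


def safe_join(base_dir: str, user_path: str) -> Optional[str]:
    """Resolve user_path under base_dir; return None if the result escapes it.

    The check is on where the path resolves, so it does not depend on
    recognising any particular traversal spelling in the input.
    """
    base = os.path.realpath(base_dir)
    # Strip leading slashes so an absolute path cannot replace base_dir outright.
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip("/\\")))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Detection side: look for traversal sequences in the file parameter of
# access-log lines after undoing URL encoding.
PATH_PARAM_RE = re.compile(r'[?&]file=([^ &"]+)')
TRAVERSAL_RE = re.compile(r"\.\.+[/\\]")  # "../", "..\", ".../", "..../", ...


def normalize_for_inspection(value: str) -> str:
    """Decode up to two rounds of URL encoding and unify slashes."""
    for _ in range(2):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def flag_suspicious(lines: List[str]) -> List[int]:
    """Return indices of log lines whose file parameter carries a traversal sequence."""
    flagged = []
    for i, line in enumerate(lines):
        match = PATH_PARAM_RE.search(line)
        if match and TRAVERSAL_RE.search(normalize_for_inspection(match.group(1))):
            flagged.append(i)
    return flagged


# Constructed sample log lines; endpoint and parameter names are placeholders.
LOG_LINES = [
    '10.0.0.5 - admin [06/Nov/2025:16:08:23 +0000] "GET /app/export?file=reports/2025/inventory.csv HTTP/1.1" 200',
    '10.0.0.9 - admin [06/Nov/2025:16:09:01 +0000] "GET /app/export?file=.../...//config/app.ini HTTP/1.1" 200',
    '10.0.0.9 - admin [06/Nov/2025:16:09:14 +0000] "GET /app/export?file=..%2F..%2Fconfig/app.ini HTTP/1.1" 200',
    '10.0.0.5 - admin [06/Nov/2025:16:10:40 +0000] "GET /app/export?file=reports/v1.10.4/export.csv HTTP/1.1" 200',
]


if __name__ == "__main__":
    traversal_input = ".../...//config/app.ini"
    print("naive filter output:", naive_sanitize(traversal_input))  # ../config/app.ini
    print("resolved after naive filter:", safe_join(BASE_DIR, naive_sanitize(traversal_input)))  # None
    print("resolved raw input:", safe_join(BASE_DIR, traversal_input))
    print("clean request:", safe_join(BASE_DIR, "reports/2025/inventory.csv"))
    print("flagged log lines:", flag_suspicious(LOG_LINES))  # [1, 2]
```

Note that the raw '.../...//config/app.ini' string resolves to an odd but in-scope name under the storage root; what escapes is the output of the one-pass filter. That is why the resolved-path comparison has to run on the exact string the application is about to open, and why the log check decodes the parameter before matching rather than looking for a literal '../'.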
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-09-06T04:45:10.579Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 690cc7f7ca26fb4dd2f590b0
Added to database: 11/6/2025, 4:08:23 PM
Last enriched: 1/20/2026, 9:18:02 PM
Last updated: 2/3/2026, 7:05:05 PM
Related Threats
- CVE-2026-25503: CWE-704: Incorrect Type Conversion or Cast in InternationalColorConsortium iccDEV (High)
- CVE-2026-25502: CWE-121: Stack-based Buffer Overflow in InternationalColorConsortium iccDEV (High)
- CVE-2026-25241: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in pear pearweb (Critical)
- CVE-2026-25240: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in pear pearweb (Medium)
- CVE-2026-25239: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in pear pearweb (High)