CVE-2025-59554 is an unauthenticated SQL Injection vulnerability (CWE-89) in Advanced Ads GmbH's Advanced Ads – Tracking product affecting versions before 3.0.7. The vulnerability allows remote attackers to inject malicious SQL commands without authentication, potentially leading to full disclosure of sensitive data (confidentiality impact is high) and limited availability impact. The CVSS 3.1 vector indicates network attack vector, low complexity, no privileges or user interaction required, and scope change. No official remediation or patch is currently documented, and no known exploits in the wild have been reported.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary SQL commands on the backend database, resulting in a complete compromise of data confidentiality and partial impact on availability. Integrity impact is not indicated. The high CVSS score reflects the critical nature of this vulnerability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider implementing web application firewalls or other SQL injection mitigations to reduce risk. Monitor vendor communications closely for updates and apply patches promptly once available.