
CVE-2025-60542: n/a

Severity: Medium
Published: Wed Oct 29 2025 (10/29/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.

AI-Powered Analysis

Last updated: 11/06/2025, 02:09:52 UTC

Technical Analysis

CVE-2025-60542 is a SQL injection vulnerability in TypeORM, a widely used Object-Relational Mapping (ORM) library for Node.js applications. It affects versions before 0.3.26 and is triggered via crafted requests that reach repository.save or repository.update. The root cause is in how TypeORM hands values to the sqlstring escaping routine: sqlstring's escape() takes a stringifyObjects flag that defaults to false, and with that default a plain object is not quoted as a string but expanded into a list of `key` = value pairs. An attacker who can place an object where a scalar value is expected, for example by sending {"password": {"password": 1}} in a JSON body that is passed through to save or update, therefore changes the structure of the generated SQL rather than only its data, even though the call looked parameterized to the application developer. Exposure depends on whether untrusted request fields can reach these methods without type checks; the CVSS rating treats the flaw as remotely exploitable over the network with no authentication and no user interaction. The CVSS v3.1 score listed for it is 6.5 (medium): network attack vector, low complexity, no privileges required, low impact on confidentiality and integrity, no impact on availability. No exploitation in the wild has been reported, but applications on vulnerable versions risk unauthorized disclosure or modification of data, for instance through a WHERE clause that evaluates to true for every row. No patch link is listed; remediation is to upgrade to TypeORM 0.3.26 or later, which corrects the handling of object values described above. The weakness is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), a common and critical class of injection flaws.

Potential Impact

For European organizations running Node.js applications on TypeORM, the main consequences are unauthorized disclosure of data, including personal data protected under GDPR, with the resulting regulatory penalties and reputational damage, and loss of integrity, where an attacker alters or corrupts database records and thereby disrupts business operations or leads to incorrect decisions. Because the flaw is reachable without authentication on an exposed endpoint, automated exploitation attempts are plausible. Finance, healthcare, e-commerce and public administration, which routinely handle sensitive or regulated data, are the most exposed. The medium severity rating reflects that the flaw does not by itself lead to full system compromise or denial of service; the confidentiality and integrity impacts alone still warrant prompt remediation.

Mitigation Recommendations

To mitigate CVE-2025-60542, European organizations should:
1) Upgrade all TypeORM dependencies to version 0.3.26 or later, where the vulnerability is fixed, checking lockfiles and transitive dependencies as well as the direct one.
2) Review every database interaction point, especially calls to repository.save and repository.update, and confirm that request-derived fields cannot arrive as objects or arrays where a string, number or date is expected.
3) Enforce strict input validation at the application layer: validate the type of each field, not only its content, since the crafted input here is a JSON object rather than a string containing SQL syntax.
4) Employ a Web Application Firewall (WAF) with SQL injection rules as defence in depth, noting that signature rules keyed on SQL keywords may not flag a payload that is a nested JSON object.
5) Monitor application logs and database query logs for anomalies such as WHERE clauses that compare a column with a backtick-quoted identifier, or updates and deletes affecting far more rows than expected.
6) Educate developers that ORM placeholders do not protect against type confusion in the values themselves, and on SQL injection prevention more generally.
7) If an immediate upgrade is not feasible, restrict access to the affected endpoints and add a type-checking layer in front of save and update; parameterized queries are not a compensating control for this flaw, because the problem sits in how the parameter value is serialized.
8) Maintain an incident response plan to act quickly on any detected exploitation attempts.
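As an added example that is not TypeORM's or sqlstring's own code, the block below illustrates both the root cause described in the Technical Analysis and the type-checking control in item 7 above: a minimal model of how sqlstring's escape() treats a plain object with stringifyObjects false versus true, a query built from a request body the way a placeholder-based driver would build it, and a guard that rejects non-scalar fields before they reach save or update. The escaping rules are a simplification of sqlstring's documented behaviour, the table and column names are hypothetical, and both request bodies are constructed for the demonstration.

```javascript
// Added example (not TypeORM or sqlstring code). Models the sqlstring
// escape() behaviour named in the CVE description and the guard that
// closes the hole. Escaping rules are simplified; table/column names are
// hypothetical; request bodies are constructed for the demo.

function escapeString(val) {
  // Simplified: real sqlstring escapes more characters than these two.
  return "'" + String(val).replace(/\\/g, "\\\\").replace(/'/g, "\\'") + "'";
}

function escapeId(id) {
  return "`" + String(id).replace(/`/g, "``") + "`";
}

// Mirrors sqlstring.escape(val, stringifyObjects): scalars are quoted, but a
// plain object is expanded to `key` = value pairs unless stringifyObjects is
// true. The object branch is the one CVE-2025-60542 points at.
function escapeValue(val, stringifyObjects) {
  if (val === undefined || val === null) return "NULL";
  switch (typeof val) {
    case "boolean":
      return val ? "true" : "false";
    case "number":
      return String(val);
    case "object":
      if (Array.isArray(val)) {
        return val.map((v) => escapeValue(v, stringifyObjects)).join(", ");
      }
      if (stringifyObjects) return escapeString(val.toString());
      // objectToValues behaviour: emits identifier = value pairs verbatim.
      return Object.entries(val)
        .filter(([, v]) => typeof v !== "function")
        .map(([k, v]) => escapeId(k) + " = " + escapeValue(v, true))
        .join(", ");
    default:
      return escapeString(val);
  }
}

// Client-side "?" substitution, as a mysql driver performs it before the
// statement is sent to the server.
function format(sql, values, stringifyObjects = false) {
  let i = 0;
  return sql.replace(/\?/g, () => escapeValue(values[i++], stringifyObjects));
}

// The compensating control: only allow-listed fields pass, and each must be
// a scalar. Objects and arrays are rejected before any SQL is built.
function assertScalarFields(body, allowed) {
  const out = {};
  for (const key of allowed) {
    if (!(key in body)) continue;
    const v = body[key];
    if (v !== null && (typeof v === "object" || typeof v === "function")) {
      throw new TypeError(`field "${key}" must be a scalar, got ${typeof v}`);
    }
    out[key] = v;
  }
  return out;
}

// Constructed request bodies: one honest, one with an object where a
// string is expected (exactly what a JSON body allows a client to send).
const honest = { email: "alice@example.com", password: "s3cret" };
const crafted = JSON.parse('{"email":"alice@example.com","password":{"password":1}}');

const UPDATE_SQL = "UPDATE user SET locked = 0 WHERE email = ? AND password = ?";

// Vulnerable pattern: request fields flow straight into the placeholders.
function vulnerableQuery(body) {
  return format(UPDATE_SQL, [body.email, body.password]);
}

// Hardened pattern: types are enforced first.
function hardenedQuery(body) {
  const safe = assertScalarFields(body, ["email", "password"]);
  return format(UPDATE_SQL, [safe.email, safe.password]);
}

console.log(vulnerableQuery(crafted));
// UPDATE user SET locked = 0 WHERE email = 'alice@example.com' AND password = `password` = 1
```

Run with node. The crafted body turns the second placeholder into `password` = 1, so the WHERE clause reads (password = password) = 1, which is true for every row whose password is not NULL; the developer's parameterized-looking update now matches rows it never should. With stringifyObjects true the same object is quoted as the harmless string '[object Object]', and the guard in hardenedQuery rejects it with a TypeError before any SQL is assembled. In a TypeORM application the same check belongs in the request-validation layer that sits in front of repository.save and repository.update.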


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 69023421b9e127f7a3635987

Added to database: 10/29/2025, 3:34:57 PM

Last enriched: 11/6/2025, 2:09:52 AM

Last updated: 12/15/2025, 4:43:27 AM

