CVE-2025-61167 identifies multiple SQL injection vulnerabilities in the SIGB PMB software version 8.0.1.14, specifically within the /opac_css/ajax_selector.php endpoint. The injection points are the 'id' and 'datas' parameters, which are insufficiently sanitized, allowing an attacker to craft malicious SQL queries. This vulnerability falls under CWE-89, indicating improper neutralization of special elements used in SQL commands. Exploitation requires no authentication or user interaction and can be performed remotely over the network. The CVSS v3.1 base score of 6.5 reflects a medium severity, with attack vector as network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts limited confidentiality and integrity (C:L/I:L) but no availability impact (A:N). Although no exploits are currently known in the wild, the vulnerability could allow attackers to extract sensitive data or modify database contents, potentially undermining data integrity. SIGB PMB is a library management system widely used in academic and public libraries, making this a concern for institutions relying on it for catalog and resource management. The absence of published patches at the time of disclosure increases the urgency for organizations to implement interim mitigations. The vulnerability's exploitation could lead to unauthorized data disclosure and data tampering, affecting trust and compliance with data protection regulations.

For European organizations, especially academic institutions, public libraries, and research centers using SIGB PMB, this vulnerability poses a risk of unauthorized data access and modification. Confidential patron information, catalog records, and resource metadata could be exposed or altered, potentially disrupting library operations and damaging institutional reputation. While availability is not directly impacted, the integrity and confidentiality breaches could lead to regulatory non-compliance under GDPR, resulting in legal and financial consequences. The medium severity rating suggests a moderate risk, but the ease of exploitation without authentication increases the threat level. Organizations relying heavily on SIGB PMB for critical library functions in Europe should consider this vulnerability a priority due to the potential impact on sensitive data and operational trust.

Immediate mitigation should focus on implementing strict input validation and sanitization for the 'id' and 'datas' parameters within the /opac_css/ajax_selector.php component. Deploying a Web Application Firewall (WAF) with rules targeting SQL injection patterns can provide a protective layer until an official patch is released. Organizations should monitor database logs and web server access logs for unusual query patterns or repeated failed attempts indicative of exploitation attempts. Restricting network access to the affected endpoint to trusted IP ranges can reduce exposure. Additionally, conducting a thorough code review of the affected component and related modules to identify and remediate similar injection flaws is recommended. Once available, promptly apply official patches from SIGB PMB vendors. Regular backups of the database should be maintained to enable recovery in case of data tampering. Training developers and administrators on secure coding and input validation best practices will help prevent recurrence.