CVE-2025-61488: n/a
An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter
AI Analysis
Technical Summary
CVE-2025-61488 is a critical remote code execution (RCE) vulnerability found in Senayan Library Management System (SLiMS) version 9.6.1, specifically within the scrap_image.php component. The vulnerability arises from improper validation or sanitization of the imageURL parameter, which an attacker can manipulate to inject and execute arbitrary code on the server remotely. This flaw does not require authentication or user interaction, making it highly exploitable. SLiMS is an open-source library management system widely deployed in academic, public, and research libraries globally, including Europe. The vulnerability allows attackers to gain full control over the affected system, potentially leading to data theft, service disruption, or pivoting within the network. Although no public exploits or patches are currently available, the vulnerability was published on October 20, 2025, and reserved on September 26, 2025, indicating recent discovery. The absence of a CVSS score necessitates a severity assessment based on impact and exploitability factors. Given the ability to execute arbitrary code remotely without authentication, the severity is critical. The vulnerability's exploitation could compromise confidentiality, integrity, and availability of library management systems and their data. The lack of known exploits suggests that proactive mitigation is essential to prevent future attacks.
Potential Impact
For European organizations, the impact of CVE-2025-61488 can be severe. Libraries and educational institutions relying on SLiMS 9.6.1 could face unauthorized access to sensitive patron data, including personal information and borrowing records. Successful exploitation could allow attackers to execute arbitrary commands on library servers, leading to data breaches, defacement, ransomware deployment, or lateral movement within institutional networks. This could disrupt library services, affecting students, researchers, and the public. Additionally, compromised systems could be used as footholds for broader attacks on connected academic or governmental networks. The reputational damage and potential regulatory penalties under GDPR for data breaches further elevate the risk. The vulnerability's remote and unauthenticated nature increases the likelihood of exploitation, especially if the affected systems are exposed to the internet or insufficiently segmented internally.
Mitigation Recommendations
1. Immediately restrict or disable access to the scrap_image.php component, especially from untrusted networks or the internet.
2. Implement strict input validation and sanitization for the imageURL parameter to prevent injection of malicious code.
3. Monitor web server and application logs for unusual requests targeting scrap_image.php or suspicious parameter values.
4. Apply any official patches or updates from the SLiMS development team as soon as they become available.
5. Employ web application firewalls (WAFs) with custom rules to detect and block exploitation attempts targeting this vulnerability.
6. Conduct network segmentation to isolate library management systems from critical infrastructure and limit lateral movement.
7. Perform regular security assessments and penetration testing focused on SLiMS components.
8. Educate IT staff and administrators about this vulnerability and the importance of timely patching and monitoring.
9. If immediate patching is not possible, consider deploying virtual patching techniques via WAF or intrusion prevention systems.
10. Backup critical data regularly and verify restoration procedures to mitigate potential ransomware or destructive attacks.
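Recommendations 2 and 3 above (validate imageURL; watch the logs for scrap_image.php requests) can be combined into one detection pass over the web server access log. The script below is an added example, not SLiMS code and not a description of how the vulnerability is triggered: it extracts the imageURL value from each scrap_image.php request and reports values that fall outside a conservative allowlist. The allowlist policy (http/https only, no loopback/private/link-local IP literals, printable URL characters only), the combined-log regex and the sample log lines are all assumptions constructed for the example; tune them to the deployment's own expected image sources.

```python
"""Flag scrap_image.php requests whose imageURL parameter is outside policy.

Added example (not part of SLiMS). The log lines are constructed, and the
allowlist rules are an assumption about what a legitimate cover-image URL
looks like, not a signature of the CVE-2025-61488 trigger.
"""

import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" access-log layout (assumed; adjust to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

ALLOWED_SCHEMES = {"http", "https"}
# Allowlist of characters we expect in an image URL; anything else is reported.
SAFE_CHARS_RE = re.compile(r"^[A-Za-z0-9\-._~:/?#@!$&*+,=%]*$")


def extract_image_url(target: str):
    """Return the imageURL query value for a scrap_image.php request, else None."""
    path, _, query = target.partition("?")
    if path.rsplit("/", 1)[-1] != "scrap_image.php":
        return None
    values = parse_qs(query, keep_blank_values=True).get("imageURL")
    return values[0] if values else None


def classify_image_url(value: str) -> list[str]:
    """Return the policy violations found in an imageURL value (empty = in policy)."""
    reasons = []
    if not SAFE_CHARS_RE.match(value):
        reasons.append("unexpected characters")
    try:
        parts = urlsplit(value)
        host = parts.hostname or ""
    except ValueError:
        return reasons + ["unparseable URL"]
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        reasons.append(f"scheme {parts.scheme!r} not allowed")
    if not host:
        reasons.append("missing host")
    else:
        try:
            ip = ipaddress.ip_address(host)
            if ip.is_loopback or ip.is_private or ip.is_link_local:
                reasons.append("host is a loopback/private/link-local address")
        except ValueError:
            pass  # a hostname, not an IP literal; DNS-based checks are out of scope here
    return reasons


def scan_log(lines):
    """Return (client_ip, timestamp, imageURL, reasons) for each out-of-policy request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        value = extract_image_url(m["target"])
        if value is None:
            continue
        reasons = classify_image_url(value)
        if reasons:
            findings.append((m["ip"], m["ts"], value, reasons))
    return findings


# Constructed sample log: one in-policy request, three out-of-policy ones,
# one unrelated request and one malformed line.
SAMPLE_LOG = [
    '203.0.113.10 - - [20/Oct/2025:18:30:01 +0000] "GET /lib/scrap_image.php?imageURL=https%3A%2F%2Fcovers.example.org%2F9780000000001.jpg HTTP/1.1" 200 5120',
    '203.0.113.11 - - [20/Oct/2025:18:30:05 +0000] "GET /lib/scrap_image.php?imageURL=ftp%3A%2F%2Fmirror.example.net%2Fcover.jpg HTTP/1.1" 200 0',
    '203.0.113.12 - - [20/Oct/2025:18:30:09 +0000] "GET /lib/scrap_image.php?imageURL=http%3A%2F%2F127.0.0.1%3A8080%2Fstatus HTTP/1.1" 200 0',
    '203.0.113.13 - - [20/Oct/2025:18:30:12 +0000] "GET /lib/scrap_image.php?imageURL=http%3A%2F%2Fcovers.example.org%2Fa.jpg%3Cb%3E HTTP/1.1" 200 0',
    '203.0.113.14 - - [20/Oct/2025:18:30:15 +0000] "GET /lib/index.php?p=show_detail&id=42 HTTP/1.1" 200 8800',
    "garbage line that does not match the log format",
]

if __name__ == "__main__":
    for ip, ts, value, reasons in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} imageURL={value!r}: {', '.join(reasons)}")
```

Every hit is worth a look rather than an automatic block: the allowlist is deliberately strict, so a legitimate but unusual image host will show up too. Feed real log lines into `scan_log` and extend the host check with your own allowlist of cover-image providers.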
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68f67fa87bf8d449e923053c
Added to database: 10/20/2025, 6:30:00 PM
Last enriched: 10/20/2025, 6:32:09 PM
Last updated: 10/20/2025, 10:51:47 PM