CVE-2025-6276 is a SQL Injection vulnerability identified in the Brilliance Golden Link Secondary System, specifically affecting versions up to 20250609. The vulnerability resides in the handling of the 'custTradeName' parameter within the /storagework/rentTakeInfoPage.htm file. An attacker can manipulate this parameter to inject malicious SQL code, potentially allowing unauthorized access or modification of the underlying database. The vulnerability can be exploited remotely without requiring user interaction, but it does require low-level privileges (PR:L) on the system. The CVSS 4.0 vector indicates that the attack complexity is low (AC:L), no authentication is required (AT:N), and the impact on confidentiality, integrity, and availability is low (VC:L, VI:L, VA:L). The scope remains unchanged (S:U), and there is no requirement for user interaction (UI:N). Although the CVSS score is 5.3, categorized as medium severity, the vulnerability is critical in nature due to its potential to allow SQL injection, which can lead to data leakage, unauthorized data manipulation, or disruption of service. No public exploits have been reported in the wild yet, and no patches or mitigation links have been provided at the time of publication. The vulnerability was disclosed publicly on June 19, 2025, which increases the risk of exploitation by threat actors. The affected functionality appears to be part of a web interface related to rental or trade information management, suggesting that sensitive business or customer data could be at risk if exploited.

For European organizations using the Brilliance Golden Link Secondary System, this vulnerability poses a significant risk to the confidentiality and integrity of their data. Exploitation could lead to unauthorized access to sensitive customer or trade information, potentially resulting in data breaches, regulatory non-compliance (e.g., GDPR violations), and reputational damage. The ability to remotely exploit the vulnerability without user interaction or high privileges increases the attack surface and risk. Additionally, manipulation of database contents could disrupt business operations, leading to availability issues or corrupted data. Organizations in sectors such as finance, real estate, or rental services that rely on this system could face operational disruptions and financial losses. Given the lack of available patches, organizations may also face challenges in timely remediation, increasing exposure duration.

1. Immediate mitigation should include implementing web application firewalls (WAFs) with custom rules to detect and block suspicious SQL injection patterns targeting the 'custTradeName' parameter. 2. Conduct thorough input validation and sanitization on all user-supplied inputs, especially the 'custTradeName' parameter, to prevent injection of malicious SQL code. 3. Restrict database user privileges associated with the application to the minimum necessary to limit the impact of a potential injection attack. 4. Monitor application logs and database queries for unusual activity indicative of SQL injection attempts. 5. If possible, isolate the affected system segment from critical network zones to reduce lateral movement risk. 6. Engage with the vendor (Brilliance) for updates or patches and apply them as soon as they become available. 7. Perform regular security assessments and penetration testing focused on injection vulnerabilities to identify and remediate similar issues proactively. 8. Educate development and operations teams on secure coding practices and the importance of parameterized queries or prepared statements to prevent SQL injection.