CVE-2025-63742 identifies a critical SQL Injection vulnerability in Xinhu Rainrock RockOA version 2.7.0, a widely used office automation platform. The vulnerability resides in the setwxqyAction function located in the webmain/task/api/loginAction.php file. Attackers can exploit unsanitized input parameters 'shouji' and 'userid' to inject malicious SQL queries. This injection flaw enables unauthorized retrieval of sensitive data, including administrator credentials, password hashes, and database structure details, potentially leading to full database compromise. The absence of input validation or parameterized queries in this function facilitates the attack. Although no CVSS score or patches are currently available, the vulnerability's nature suggests a severe risk. No known exploits are publicly reported yet, but the flaw could be leveraged by attackers to conduct reconnaissance, privilege escalation, or data exfiltration. The vulnerability affects all deployments running version 2.7.0 of RockOA, emphasizing the need for immediate security reviews and mitigations.

For European organizations, exploitation of this vulnerability could result in significant data breaches, including exposure of administrator accounts and password hashes, which may lead to further system compromise. Confidentiality is severely impacted as attackers can access sensitive corporate data and user credentials. Integrity could be compromised if attackers modify database contents, and availability might be affected if the database is corrupted or taken offline. Organizations relying on RockOA for internal communications and document management face operational disruptions and reputational damage. Given the lack of authentication requirements and the ability to exploit remotely via web parameters, the attack surface is broad. This vulnerability could be particularly damaging for sectors handling sensitive information such as government agencies, financial institutions, and healthcare providers within Europe.

European organizations using Xinhu Rainrock RockOA 2.7.0 should immediately conduct a thorough code review focusing on the setwxqyAction function and all input handling in webmain/task/api/loginAction.php. Implement parameterized queries or prepared statements to prevent SQL injection. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious SQL injection attempts targeting 'shouji' and 'userid' parameters. Restrict access to the affected API endpoint through network segmentation and authentication controls where possible. Monitor logs for unusual query patterns or repeated access attempts to these parameters. Until an official patch is released, consider disabling or restricting the vulnerable functionality if feasible. Conduct regular database backups and ensure password hashes use strong, salted hashing algorithms to mitigate damage in case of compromise. Finally, maintain up-to-date threat intelligence feeds to detect emerging exploits related to this vulnerability.