The vulnerability CVE-2025-64371 involves improper neutralization of special elements in SQL commands within the shinetheme Traveler product, enabling Blind SQL Injection attacks. This affects all versions before 3.2.6. The CVSS 3.1 base score is 8.5, indicating a high severity issue with network attack vector, low attack complexity, requiring low privileges and no user interaction. The impact includes high confidentiality loss and low availability impact, with no integrity impact. No vendor patch or advisory details are provided, and the product is not a cloud service.

Successful exploitation could allow an attacker with low privileges to extract sensitive information from the database without direct visibility (Blind SQL Injection). The confidentiality impact is high, meaning sensitive data could be disclosed. The availability impact is low, indicating limited disruption to service. There is no integrity impact reported. No known exploits in the wild have been observed.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting database access permissions and monitoring for unusual database queries related to the Traveler product. Avoid exposing the vulnerable application to untrusted networks if possible.