
CVE-2025-65103: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in devcode-it openstamanager

Severity: High
Published: Wed Nov 19 2025 (11/19/2025, 19:09:09 UTC)
Source: CVE Database V5
Vendor/Project: devcode-it
Product: openstamanager

Description

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full system compromise. This issue has been patched in version 2.9.5.

AI-Powered Analysis

Last updated: 11/26/2025, 20:03:09 UTC

Technical Analysis

CVE-2025-65103 is an authenticated SQL Injection vulnerability identified in the OpenSTAManager software developed by devcode-it, affecting all versions prior to 2.9.5. OpenSTAManager is an open-source management platform used primarily for technical assistance and invoicing, often deployed by small and medium enterprises (SMEs). The vulnerability arises from improper neutralization of special elements in SQL commands (CWE-89), specifically through the 'display' parameter in API requests. An attacker with any level of authentication can manipulate this parameter to inject arbitrary SQL queries. This flaw enables attackers to exfiltrate sensitive data, modify records, or delete database content, potentially leading to full system compromise, including unauthorized access to business-critical data and disruption of invoicing and technical support operations. The vulnerability has a CVSS 3.1 base score of 8.8, reflecting high confidentiality, integrity, and availability impacts, with a network attack vector, low attack complexity, only low privileges required, and no user interaction. Although no exploits have been reported in the wild yet, the vulnerability's nature and ease of exploitation make it a significant risk. The issue was addressed and patched in OpenSTAManager version 2.9.5, which sanitizes input properly to prevent SQL injection. Organizations running vulnerable versions should prioritize upgrading to mitigate risk.

Potential Impact

For European organizations, especially SMEs relying on OpenSTAManager for managing technical assistance and invoicing, this vulnerability poses a critical risk. Exploitation can lead to unauthorized disclosure of sensitive customer and financial data, manipulation or deletion of invoicing records, and disruption of business operations. This can result in financial losses, regulatory non-compliance (e.g., GDPR violations due to data breaches), reputational damage, and operational downtime. Since the vulnerability allows any authenticated user to perform SQL injection, insider threats or compromised credentials can be leveraged to escalate attacks. The availability impact could disrupt invoicing and support services, affecting customer trust and revenue streams. Given the widespread use of open-source management tools in European SMEs, the threat could have broad implications if not mitigated promptly.

Mitigation Recommendations

1. Immediately upgrade OpenSTAManager installations to version 2.9.5 or later, where the vulnerability is patched.
2. Restrict API access strictly to trusted and authenticated users, implementing strong authentication mechanisms such as multi-factor authentication (MFA).
3. Conduct a thorough audit of user permissions to ensure least privilege principles are enforced, minimizing the number of users with API access.
4. Monitor API logs for unusual or suspicious queries, especially those manipulating the 'display' parameter or exhibiting anomalous SQL patterns.
5. Implement Web Application Firewalls (WAFs) with rules designed to detect and block SQL injection attempts targeting the API endpoints.
6. Regularly back up databases and verify backup integrity to enable recovery in case of data tampering or deletion.
7. Educate users and administrators about the risks of SQL injection and the importance of applying security patches promptly.
8. Consider network segmentation to isolate critical management systems from broader corporate networks to limit lateral movement in case of compromise.
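Mitigation step 4 calls for monitoring API logs for manipulation of the 'display' parameter. The script below is an added example, not part of this advisory or of the OpenSTAManager project; it assumes a hypothetical access-log format with constructed sample lines and applies an allow-list check (a legitimate 'display' value is a comma-separated list of column names), annotating each alert with the SQL metacharacters or keywords found, and decoding a second time so double-encoded values are not missed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample API access log lines (hypothetical format, not real OpenSTAManager
# logs): '<client_ip> <user> "<method> <target> <proto>" <status>'
SAMPLE_LOG = """\
10.0.0.5 tecnico1 "GET /api/?resource=clienti&display=ragione_sociale HTTP/1.1" 200
10.0.0.7 tecnico2 "GET /api/?resource=clienti&display=id%27%20OR%201%3D1--%20 HTTP/1.1" 200
10.0.0.9 admin "GET /api/?resource=interventi&display=data,descrizione HTTP/1.1" 200
10.0.0.7 tecnico2 "GET /api/?resource=clienti&display=id%2527%2520OR%25201%253D1 HTTP/1.1" 200
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) (?P<user>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})$')
# Allow-list: a legitimate 'display' value is a comma-separated list of column names,
# so anything else is flagged. The blocklist pattern below only adds context to the alert.
IDENT_LIST_RE = re.compile(r"^[A-Za-z0-9_.]+(,[A-Za-z0-9_.]+)*$")
SQL_HINT_RE = re.compile(r"['\";#]|--|/\*|\b(?:union|select|or|and|sleep|benchmark|drop|update|delete)\b", re.I)

def parse_line(line):
    """Split one log line into fields and collect every 'display' query value."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    query = parse_qs(urlsplit(rec["target"]).query, keep_blank_values=True)
    rec["display"] = query.get("display", [])  # parse_qs percent-decodes once
    return rec

def suspicious_display_values(values):
    """Return (decoded_value, hints) for each value that is not a plain column list."""
    findings = []
    for v in values:
        decoded = unquote(v)  # second decode pass catches double-encoded values
        if not IDENT_LIST_RE.match(decoded):
            hints = sorted({h.lower() for h in SQL_HINT_RE.findall(decoded)})
            findings.append((decoded, hints))
    return findings

def scan(log_text):
    """Return one alert dict per suspicious 'display' value in the log text."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for value, hints in suspicious_display_values(rec["display"]):
            alerts.append({"ip": rec["ip"], "user": rec["user"], "status": rec["status"],
                           "display": value, "hints": hints})
    return alerts
```

Running `scan(SAMPLE_LOG)` on the constructed sample yields two alerts, both for user tecnico2, and the benign column-list requests pass untouched; adapt LOG_RE to the web server's real log format before use.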


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-11-17T20:55:34.693Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 691e18af49ba98bd8186a296

Added to database: 11/19/2025, 7:21:19 PM

Last enriched: 11/26/2025, 8:03:09 PM

Last updated: 1/7/2026, 4:53:17 AM