CVE-2025-65103: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in devcode-it openstamanager
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full system compromise. This issue has been patched in version 2.9.5.
AI Analysis
Technical Summary
CVE-2025-65103 identifies an SQL Injection vulnerability classified under CWE-89 in the OpenSTAManager software developed by devcode-it. OpenSTAManager is an open-source management tool used for technical assistance and invoicing. The vulnerability exists in versions prior to 2.9.5 and is triggered via the API's 'display' parameter, whose value is incorporated into a SQL statement without being neutralized. Any authenticated user, regardless of permission level, can inject SQL through this parameter and execute arbitrary queries against the backend database. Potential consequences include unauthorized data disclosure, data manipulation, deletion, and ultimately full system compromise. The vulnerability is remotely exploitable over the network without user interaction but requires valid authentication credentials. The CVSS v3.1 score of 8.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and only low privileges required. The issue was publicly disclosed on November 19, 2025, and has been addressed in OpenSTAManager version 2.9.5. No public exploit code or active exploitation has been reported to date.
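The bug class behind this advisory, as an added illustration that is not OpenSTAManager's code: the advisory states only that a caller-supplied 'display' value reaches a SQL statement unneutralized. The handler below assumes (this is an assumption, not something the advisory says) that 'display' names the columns an API client wants returned, reproduces the mistake against a constructed SQLite schema, and then shows the fix. Column names cannot be bound as prepared-statement parameters, so the hardened version checks every requested identifier against an allowlist before splicing it into the query.

```python
import sqlite3

# Constructed demo schema; this is not OpenSTAManager's database layout.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tickets (id INTEGER, subject TEXT, status TEXT);
        CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO tickets VALUES (1, 'Printer offline', 'open');
        INSERT INTO tickets VALUES (2, 'VPN down', 'closed');
        INSERT INTO users VALUES (1, 'admin', 'sha256$deadbeef');
    """)
    return conn


def vulnerable_select(conn, display):
    """CWE-89: the caller's column list is concatenated straight into the query."""
    sql = "SELECT " + display + " FROM tickets"
    return conn.execute(sql).fetchall()


# Hypothetical allowlist of columns the endpoint is meant to expose.
ALLOWED_COLUMNS = {"id", "subject", "status"}


def hardened_select(conn, display):
    """Identifiers cannot be bound as parameters, so allowlist each one instead."""
    cols = [c.strip() for c in display.split(",") if c.strip()]
    unknown = [c for c in cols if c not in ALLOWED_COLUMNS]
    if not cols or unknown:
        raise ValueError(f"rejected column list: {unknown or display!r}")
    # Quoting is belt-and-braces: every name has already passed the allowlist.
    sql = "SELECT " + ", ".join('"%s"' % c for c in cols) + " FROM tickets"
    return conn.execute(sql).fetchall()


# A 'display' value that closes the intended column list and redirects the
# query to a different table; the trailing comment swallows the original FROM.
INJECTED_DISPLAY = "username, password_hash FROM users --"


def demo():
    conn = make_db()
    out = {
        "legit": vulnerable_select(conn, "id, subject"),
        "leaked": vulnerable_select(conn, INJECTED_DISPLAY),
    }
    try:
        hardened_select(conn, INJECTED_DISPLAY)
        out["hardened_blocked"] = False
    except ValueError:
        out["hardened_blocked"] = True
    out["hardened_legit"] = hardened_select(conn, "id,subject")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same statement shape that returns two ticket rows for a benign value returns the credentials table for the injected one, which is why the advisory's "any data in the database" claim follows directly from an unneutralized column list. Note that escaping the value would not help here: the dangerous content is not a string literal but SQL syntax, so only structural validation (an allowlist, or mapping client-visible field names to a fixed set of server-side identifiers) closes the hole.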
Potential Impact
For European organizations, this vulnerability poses significant risk, especially for those relying on OpenSTAManager to manage technical support and invoicing. Successful exploitation could expose sensitive customer and financial data, allow manipulation or deletion of critical records, and disrupt business processes, with the attendant GDPR breach-notification obligations, financial losses, reputational damage, and operational downtime. Because any authenticated account can reach the flaw regardless of its role, a low-privileged user, or an attacker holding a single leaked or phished credential, can cause damage normally reserved for administrators. Manufacturers, IT service providers, and small and medium-sized enterprises using OpenSTAManager are particularly exposed. The impact extends beyond data loss to potential full system compromise, which could be leveraged for further lateral movement or ransomware attacks.
Mitigation Recommendations
European organizations should immediately upgrade OpenSTAManager to version 2.9.5 or later to apply the official patch. Until the update is applied, restrict API access to trusted users and networks only, employing network segmentation and strict access controls, and review existing accounts: since any authenticated user can exploit the flaw, every active credential is an attack path, so disable unused accounts and rotate shared ones. Enforce robust authentication, including multi-factor authentication, to reduce the risk of credential misuse. Monitor API logs for unusual or suspicious 'display' parameter values, for example ones containing SQL keywords, quotes or comment sequences, as an indicator of injection attempts. Web Application Firewalls (WAFs) with custom rules can detect and block SQL injection patterns targeting the API, but treat them as a stopgap rather than a fix, since injection payloads can usually be encoded to evade signature matching. Conduct regular security assessments and code reviews to identify similar injection flaws. Additionally, ensure database accounts used by the application have the least privileges necessary (read and write on the application's own schema only, with no file-system or administrative privileges) to limit the impact of potential exploitation. Finally, maintain up-to-date, offline backups to enable recovery from data loss or corruption.
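One way to act on the log-monitoring advice above, as an added example that is not part of the advisory or of OpenSTAManager: the scanner below parses constructed web-server access-log lines (the request path, resource names and client addresses are made up; only the parameter name 'display' comes from the advisory), extracts the 'display' query parameter and flags any value that is not a plain comma-separated list of identifiers, annotating the alert with the SQL tokens it found. The identifier grammar is the actual control; the token list only makes the alert readable.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in common log format. The /api/ path, the
# resource names and the addresses are invented for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Nov/2025:10:01:02 +0100] "GET /api/?resource=tickets&display=id,subject HTTP/1.1" 200 512
10.0.0.7 - - [19/Nov/2025:10:01:09 +0100] "GET /api/?resource=tickets&display=username%2Cpassword_hash%20FROM%20users%20-- HTTP/1.1" 200 900
10.0.0.5 - - [19/Nov/2025:10:01:30 +0100] "GET /api/?resource=tickets&display=id HTTP/1.1" 200 300
10.0.0.9 - - [19/Nov/2025:10:02:15 +0100] "GET /api/?resource=tickets&display=id%20UNION%20SELECT%201%2C2%2C3%20--%20- HTTP/1.1" 200 1400
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A benign column list: identifiers, optionally table-qualified, separated by commas.
IDENT = r"[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?"
IDENT_LIST_RE = re.compile(rf"^{IDENT}(?:\s*,\s*{IDENT})*$")

# Tokens worth naming in an alert; never the sole basis for flagging.
SQL_HINTS = re.compile(
    r"(--|/\*|;|'|\"|\b(?:union|select|from|where|sleep|benchmark|load_file|into)\b)",
    re.IGNORECASE,
)


def inspect_display(value):
    """Return None if value is a plain identifier list, otherwise a reason string."""
    if IDENT_LIST_RE.match(value):
        return None
    hints = sorted({m.group(0).lower() for m in SQL_HINTS.finditer(value)})
    reason = "not an identifier list"
    if hints:
        reason += "; sql tokens: " + ", ".join(hints)
    return reason


def scan_log(text):
    """Yield (ip, timestamp, raw display value, reason) for every suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qs percent-decodes, so encoded spaces and commas are normalised.
        params = parse_qs(urlsplit(m.group("target")).query)
        for value in params.get("display", []):
            reason = inspect_display(value)
            if reason:
                findings.append((m.group("ip"), m.group("ts"), value, reason))
    return findings


if __name__ == "__main__":
    for ip, ts, value, reason in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} display={value!r}: {reason}")
```

Two caveats when deploying something like this: if the API also accepts 'display' in a POST body, the web server's access log will not contain it and the check has to run in the application or in a reverse proxy that logs request bodies; and a 200 status on a flagged request is not proof of success, so treat hits as leads for querying the database audit log rather than as confirmed exfiltration.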
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-17T20:55:34.693Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691e18af49ba98bd8186a296
Added to database: 11/19/2025, 7:21:19 PM
Last enriched: 11/19/2025, 7:36:06 PM
Last updated: 11/19/2025, 8:45:07 PM
Related Threats
- CVE-2025-58181: CWE-1284 in golang.org/x/crypto golang.org/x/crypto/ssh (High)
- CVE-2025-47914: CWE-237 in golang.org/x/crypto golang.org/x/crypto/ssh/agent (Medium)
- CVE-2025-25036: CWE-611 Improper Restriction of XML External Entity Reference in Jalios JPlatform (Medium)
- CVE-2025-25035: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Jalios JPlatform (High)
- CVE-2025-0364: CWE-288 Authentication Bypass Using an Alternate Path or Channel in BigAntSoft BigAnt Server (Critical)