The vulnerability CVE-2025-68056 exists in LambertGroup's LBG Zoominoutslider plugin (versions ≤ 5.4.4) and is caused by improper neutralization of special elements in SQL commands, enabling SQL Injection attacks. The CVSS 3.1 score is 8.5 (high), with an attack vector of network, low attack complexity, requiring low privileges and no user interaction. The scope is changed, impacting confidentiality (high) and availability (low), but not integrity. No official patch or remediation details are provided in the available data.

Successful exploitation could allow an attacker with low privileges to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized disclosure of sensitive information (high confidentiality impact) and limited disruption of service (low availability impact). Integrity is not impacted according to the CVSS vector. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, restrict access to the affected plugin and monitor for unusual database activity. Avoid exposing the vulnerable component to untrusted networks if possible.