CVE-2025-68400: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ChurchCRM CRM
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint `/Reports/ConfirmReportEmail.php` in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a classic case of *dead but reachable code*. Any authenticated user - including one with zero assigned permissions - can exploit SQL injection through the `familyId` parameter. Version 6.5.3 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-68400 is a critical SQL Injection vulnerability identified in the ChurchCRM open-source church management system. The flaw resides in the legacy endpoint `/Reports/ConfirmReportEmail.php`, which, despite being removed from the user interface in recent versions, remains accessible directly via URL. This endpoint improperly neutralizes special elements in the `familyId` parameter, allowing an attacker to inject malicious SQL commands. Notably, exploitation requires only authentication, but no specific permissions or user interaction, making it highly accessible to any authenticated user, including those with zero assigned privileges. The vulnerability affects all ChurchCRM versions prior to 6.5.3, which contains the patch that removes or secures this endpoint. The CVSS 4.0 base score is 9.3, reflecting critical severity due to network attack vector, low attack complexity, no privileges required, and no user interaction needed, combined with high impact on confidentiality, integrity, and availability of the database. The vulnerability is a classic example of 'dead but reachable code,' where legacy functionality remains exposed, increasing the attack surface. Although no public exploits have been reported yet, the ease of exploitation and potential damage to sensitive church member data and operational integrity make this a significant threat. Organizations relying on ChurchCRM for managing sensitive personal and organizational data must prioritize patching or mitigating this vulnerability immediately.
Potential Impact
The impact of CVE-2025-68400 on European organizations using ChurchCRM can be severe. Exploitation allows attackers to perform arbitrary SQL commands, potentially leading to unauthorized data disclosure, data modification, or deletion. This compromises the confidentiality, integrity, and availability of sensitive church member information and organizational records. Given that any authenticated user can exploit this vulnerability without needing elevated permissions, insider threats or compromised low-privilege accounts pose a significant risk. The disruption or manipulation of church management data can affect operational continuity, trust, and compliance with data protection regulations such as GDPR. Additionally, exploitation could serve as a foothold for further network compromise. European organizations with limited cybersecurity resources or those unaware of the legacy endpoint's existence are particularly vulnerable. The critical CVSS score underscores the urgency of addressing this vulnerability to prevent potentially catastrophic data breaches or service outages.
Mitigation Recommendations
To mitigate CVE-2025-68400, European organizations should immediately upgrade ChurchCRM to version 6.5.3 or later, where the vulnerable endpoint is removed or secured. If immediate upgrading is not feasible, organizations should implement strict access controls to restrict access to the `/Reports/ConfirmReportEmail.php` endpoint, such as web application firewall (WAF) rules blocking requests to this URL or IP-based restrictions limiting access to trusted administrators only. Conduct thorough audits to identify any legacy or unused endpoints exposed on the web server and remove or disable them. Implement robust authentication and monitoring to detect anomalous activities from authenticated users, especially those with minimal permissions. Regularly review and sanitize all user inputs in custom or legacy code to prevent injection flaws. Additionally, organizations should perform database activity monitoring to detect suspicious queries indicative of SQL injection attempts. Finally, ensure that backups of critical data are maintained securely to enable recovery in case of data integrity compromise.
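As an added, defender-side example (not from the advisory or the ChurchCRM project), the monitoring recommendation above applied to web-server access logs: every request to the dead endpoint is surfaced, and a hit whose `familyId` is anything other than a plain integer is marked as a probe. The log lines, account names and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Legacy endpoint named in the advisory (CVE-2025-68400). It is no longer
# linked from the UI, so any request to it is worth surfacing on its own.
DEAD_ENDPOINT = "/Reports/ConfirmReportEmail.php"

# Combined log format: client, ident, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def classify(line):
    """Return None for lines that do not touch the endpoint; otherwise a dict
    with verdict 'probe' when familyId is not a plain integer (the only shape
    the legitimate feature ever sent) and 'legacy-hit' when it is or is absent."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != DEAD_ENDPOINT:
        return None
    # parse_qs percent-decodes, so encoded quotes etc. are seen decoded here.
    values = parse_qs(url.query).get("familyId", [])
    suspicious = any(not v.isdigit() for v in values)
    return {
        "ip": m.group("ip"),
        "user": m.group("user"),
        "familyId": values,
        "verdict": "probe" if suspicious else "legacy-hit",
    }

def scan(lines):
    """Run classify() over an iterable of log lines and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit is not None]

# Constructed sample traffic (not real logs): one unrelated request, one
# numeric familyId, one with a stray quote, one with no familyId at all.
SAMPLE_LOG = [
    '10.0.0.5 - alice [17/Dec/2025:10:01:02 +0000] "GET /Dashboard.php HTTP/1.1" 200 5120',
    '10.0.0.5 - alice [17/Dec/2025:10:01:09 +0000] "GET /Reports/ConfirmReportEmail.php?familyId=42 HTTP/1.1" 200 2210',
    '10.0.0.9 - bob [17/Dec/2025:10:02:30 +0000] "GET /Reports/ConfirmReportEmail.php?familyId=42%27 HTTP/1.1" 500 311',
    '10.0.0.9 - bob [17/Dec/2025:10:02:41 +0000] "GET /Reports/ConfirmReportEmail.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

On a patched install (6.5.3 or later) any hit at all indicates someone enumerating removed paths, so the `legacy-hit` verdict is still worth alerting on there.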
Affected Countries
United Kingdom, Germany, France, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-16T21:59:48.534Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6943260ffab815a9fc251847
Added to database: 12/17/2025, 9:52:15 PM
Last enriched: 12/24/2025, 10:56:40 PM
Last updated: 2/5/2026, 8:22:10 AM