CVE-2025-6875 is a SQL Injection vulnerability identified in SourceCodester Best Salon Management System version 1.0. The vulnerability exists in the /panel/edit-subscription.php file, specifically through the manipulation of the 'editid' parameter. This parameter is insufficiently sanitized, allowing an attacker to inject malicious SQL code remotely without requiring user interaction or authentication. The injection can lead to unauthorized access to the backend database, potentially exposing sensitive customer data, subscription details, or administrative information. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits are currently reported in the wild. The CVSS 4.0 base score is 5.3, indicating a medium severity level, with the vector highlighting network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. The vulnerability's scope is limited to the affected version 1.0 of the Best Salon Management System, which is a niche product used primarily in salon business management contexts.

For European organizations using the SourceCodester Best Salon Management System 1.0, this vulnerability poses a risk of unauthorized data access and potential data manipulation. Given the nature of salon management systems, compromised data could include personal customer information, payment details, and subscription records, which are subject to GDPR regulations in Europe. Exploitation could lead to data breaches, reputational damage, and regulatory penalties. Additionally, attackers could modify subscription data, potentially disrupting business operations or causing financial losses. Although the CVSS score is medium, the ease of remote exploitation without authentication raises concerns, especially for small to medium-sized enterprises that may lack robust security controls. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as public disclosure may lead to rapid development of exploit tools.

European organizations should immediately audit their use of the SourceCodester Best Salon Management System and identify any instances of version 1.0 in their environment. Since no official patch links are provided, organizations should implement the following mitigations: 1) Apply input validation and parameterized queries or prepared statements in the /panel/edit-subscription.php file to sanitize the 'editid' parameter and prevent SQL injection. 2) Restrict network access to the management panel by implementing IP whitelisting or VPN access controls to limit exposure. 3) Monitor web server logs for suspicious requests targeting the 'editid' parameter or unusual database errors. 4) Conduct regular database integrity checks to detect unauthorized modifications. 5) Consider migrating to an updated or alternative salon management system with active security support. 6) Educate staff on recognizing potential signs of compromise and maintaining strong access controls. These steps go beyond generic advice by focusing on immediate code-level fixes, network restrictions, and operational monitoring tailored to this specific vulnerability and product.