The vulnerability CVE-2025-69365 affects TeconceTheme Uroan Core (<= 1.4.4) and is caused by improper neutralization of special elements in SQL commands, enabling Blind SQL Injection attacks. This allows remote attackers to extract sensitive information from the database without authentication or user interaction. The CVSS v3.1 base score is 9.3, reflecting critical severity with network attack vector, low attack complexity, no privileges required, no user interaction, and a scope change. The impact includes high confidentiality loss and low availability impact.

Successful exploitation of this vulnerability can lead to unauthorized disclosure of sensitive data from the backend database (high confidentiality impact). The availability impact is low, meaning the system may experience minor disruption but not complete denial of service. Integrity impact is not indicated. No known exploits are reported in the wild, so active exploitation is not confirmed.

Patch status is not yet confirmed — no official patch or remediation guidance is currently available from the vendor. Users should monitor the vendor advisory for updates and apply any official fixes once released. Until a patch is available, consider implementing web application firewall (WAF) rules to detect and block SQL injection attempts specific to this product. Avoid exposing vulnerable endpoints to untrusted networks if possible.