
CVE-2025-7894: SQL Injection in Onyx

Severity: Medium
Type: Vulnerability (CVE-2025-7894)
Published: Sun Jul 20 2025 (07/20/2025, 14:02:07 UTC)
Source: CVE Database V5
Product: Onyx

Description

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py of the component Chat Interface. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 07/20/2025, 14:31:08 UTC

Technical Analysis

CVE-2025-7894 is a critical SQL injection vulnerability identified in the Onyx software, specifically affecting versions 0.29.0 and 0.29.1. The flaw resides in the function generate_simple_sql within the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py, which is part of the Chat Interface component. This vulnerability allows an attacker to manipulate SQL queries by injecting malicious input, potentially enabling unauthorized access to or modification of the underlying database. The attack vector is remote, requiring no user interaction, and can be exploited without authentication, increasing the risk profile. Although the CVSS 4.0 score is 5.3 (medium severity), the vulnerability's characteristics—remote exploitability, no user interaction, and potential for data compromise—suggest significant risk. The vendor has not responded to early disclosure attempts, and no patches are currently available. No known exploits are reported in the wild yet, but public disclosure increases the likelihood of exploitation attempts. The vulnerability impacts the confidentiality, integrity, and availability of data managed by Onyx, especially within its Chat Interface module, which may be critical for organizations relying on this software for communication or knowledge management.

Potential Impact

For European organizations using Onyx versions 0.29.0 or 0.29.1, this vulnerability poses a substantial risk. Exploitation could lead to unauthorized data access, data leakage, or data manipulation, undermining confidentiality and integrity. In sectors such as finance, healthcare, or government, where sensitive data is processed, this could result in regulatory non-compliance (e.g., GDPR violations), reputational damage, and financial penalties. The remote and unauthenticated nature of the exploit increases the attack surface, potentially allowing widespread compromise if Onyx is exposed to the internet or insufficiently segmented networks. Additionally, the lack of vendor response and patches means organizations must rely on interim mitigations, increasing operational risk. The vulnerability could also be leveraged as a foothold for further attacks within the network, threatening availability and overall system stability.

Mitigation Recommendations

Given the absence of official patches, European organizations should implement immediate compensating controls. These include:

1) Restricting network access to Onyx instances by implementing strict firewall rules and network segmentation to limit exposure to trusted IPs only.
2) Employing Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the vulnerable function.
3) Conducting thorough input validation and sanitization at the application layer if source code modification is feasible, especially for inputs processed by generate_simple_sql.
4) Monitoring logs and network traffic for anomalous SQL queries or suspicious activity indicative of exploitation attempts.
5) Planning for rapid upgrade or patch deployment once the vendor releases a fix, or considering alternative software solutions if Onyx support remains unavailable.
6) Educating security teams about this vulnerability to ensure timely incident response and threat hunting.
7) Implementing database-level protections such as least privilege access and query parameterization where possible to reduce impact.
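As an added illustration of recommendations 3 and 7 (input validation and query parameterization), the Python below is example code written for this page; it is not Onyx code and makes no claim about how generate_simple_sql is actually implemented. The schema in ALLOWED_TABLES, the table and column names, and the sample rows are constructed assumptions. It shows the pattern a query layer fed by untrusted input (a chat message, or a language model's interpretation of one) should follow: identifiers are allow-listed against a fixed schema, filter values are bound as parameters, operators come from a fixed set, and anything else is rejected rather than escaped.

```python
"""Hardened 'simple SQL' builder: allow-listed identifiers, bound values.

Added example for this page, not Onyx code. ALLOWED_TABLES and the demo
rows are constructed assumptions standing in for a knowledge-base schema.
"""
import re
import sqlite3
from typing import Any

# Constructed schema (assumption): the only tables/columns a query may touch.
ALLOWED_TABLES: dict[str, set[str]] = {
    "documents": {"id", "title", "owner", "created_at"},
    "chunks": {"id", "document_id", "content"},
}
ALLOWED_OPERATORS = {"=", "!=", "<", ">", "<=", ">="}
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")
MAX_LIMIT = 1000


class UnsafeQueryError(ValueError):
    """Raised when untrusted input asks for something outside the allow-list."""


def _identifier(name: Any, allowed) -> str:
    # Identifiers cannot be bound as parameters, so they are checked against
    # the schema and double-quoted; unknown names are rejected, not escaped.
    if not isinstance(name, str) or not IDENTIFIER_RE.match(name) or name not in allowed:
        raise UnsafeQueryError(f"identifier not allowed: {name!r}")
    return f'"{name}"'


def build_simple_sql(table, columns, filters, limit=50):
    """Return (sql, params) for a SELECT built from untrusted structured input.

    filters is a list of (column, operator, value) triples. Only the SQL text
    for identifiers and operators is assembled here; every value goes into
    params and is bound by the driver, so it can never change query structure.
    """
    table_sql = _identifier(table, ALLOWED_TABLES)
    col_sql = ", ".join(_identifier(c, ALLOWED_TABLES[table]) for c in columns) or "*"
    where_parts, params = [], []
    for column, op, value in filters:
        if op not in ALLOWED_OPERATORS:
            raise UnsafeQueryError(f"operator not allowed: {op!r}")
        if isinstance(value, bool) or not isinstance(value, (str, int, float)):
            raise UnsafeQueryError(f"unsupported value type: {type(value).__name__}")
        where_parts.append(f"{_identifier(column, ALLOWED_TABLES[table])} {op} ?")
        params.append(value)
    if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= MAX_LIMIT:
        raise UnsafeQueryError(f"limit out of range: {limit!r}")
    sql = f"SELECT {col_sql} FROM {table_sql}"
    if where_parts:
        sql += " WHERE " + " AND ".join(where_parts)
    sql += " LIMIT ?"
    params.append(limit)
    return sql, params


def make_demo_db() -> sqlite3.Connection:
    # Constructed sample data in an in-memory database so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER, title TEXT, owner TEXT, created_at TEXT)")
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?, ?, ?)",
        [
            (1, "Q3 budget", "alice", "2025-07-01"),
            (2, "Onboarding", "o'hara", "2025-07-02"),
            (3, "Incident log", "alice", "2025-07-03"),
        ],
    )
    return conn


def run_simple_query(conn, table, columns, filters, limit=50):
    sql, params = build_simple_sql(table, columns, filters, limit)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    conn = make_demo_db()
    print(run_simple_query(conn, "documents", ["id", "title"], [("owner", "=", "alice")]))
    # A legitimate value containing a quote needs no special handling.
    print(run_simple_query(conn, "documents", ["title"], [("owner", "=", "o'hara")]))
    # Constructed hostile-looking value: bound as data, it simply matches no row.
    print(run_simple_query(conn, "documents", ["id"], [("owner", "=", "alice' OR 'x'='x")]))
    try:
        build_simple_sql("documents; DROP TABLE documents", ["id"], [])
    except UnsafeQueryError as exc:
        print("rejected:", exc)
```

The split matters because parameter binding only protects values: table and column names chosen by the caller cannot be bound, so they have to be checked against the schema before they reach the SQL text. The allow-list also gives recommendation 4 something concrete to monitor, since every UnsafeQueryError is a clean signal that someone (or some model output) asked for a table, column, operator or limit the application never intended to expose.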


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-19T11:05:55.150Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 687cfa26a83201eaac02c79e

Added to database: 7/20/2025, 2:16:06 PM

Last enriched: 7/20/2025, 2:31:08 PM

Last updated: 7/20/2025, 2:31:08 PM

