CVE-2025-8123 is a SQL Injection vulnerability identified in the deerwms deer-wms-2 product, specifically affecting versions 3.0 through 3.3. The vulnerability resides in an unspecified function within the /system/dept/edit file, where the 'ancestors' parameter is improperly sanitized, allowing an attacker to inject malicious SQL code. This injection flaw can be exploited remotely without requiring user interaction or elevated privileges, making it accessible to unauthenticated attackers with network access to the vulnerable application. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no confirmed exploits have been observed in the wild yet. The CVSS 4.0 base score is 5.3, indicating a medium severity level. The vector details (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P) suggest that the attack can be launched over the network with low attack complexity, no user interaction, and requires low privileges, with limited impact on confidentiality, integrity, and availability. The vulnerability could allow an attacker to read or modify database contents, potentially leading to unauthorized data disclosure or data manipulation within the deer-wms-2 system. However, the scope of impact is limited to the application’s database and does not extend to system-level compromise or widespread availability disruption. No patches or fixes have been linked yet, so mitigation currently relies on workarounds or access restrictions.

For European organizations using deerwms deer-wms-2 versions 3.0 to 3.3, this vulnerability poses a risk of unauthorized access to sensitive data stored within the application’s database. Given deer-wms-2 is a warehouse management system, compromised data could include inventory records, supplier details, and operational workflows, potentially disrupting supply chain management and logistics. Data integrity issues could lead to incorrect stock levels or shipment errors, impacting business operations and customer satisfaction. Although the vulnerability requires low privileges, the lack of user interaction and network accessibility means attackers could exploit it remotely, increasing exposure. Organizations in sectors with stringent data protection regulations, such as GDPR in the EU, may face compliance risks if personal or sensitive data is leaked. The medium severity rating suggests a moderate risk, but the public disclosure and absence of patches elevate the urgency for mitigation. The impact is primarily on confidentiality and integrity of data within the application, with limited direct effect on system availability.

1. Immediate mitigation should focus on restricting network access to the deer-wms-2 application, limiting it to trusted internal networks or VPNs to reduce exposure to remote attackers. 2. Implement Web Application Firewall (WAF) rules specifically designed to detect and block SQL injection attempts targeting the 'ancestors' parameter in the /system/dept/edit endpoint. 3. Conduct thorough input validation and sanitization on all parameters, particularly 'ancestors', to prevent injection of malicious SQL code. If source code access is available, apply parameterized queries or prepared statements to eliminate injection vectors. 4. Monitor application logs for unusual database query patterns or repeated access attempts to the vulnerable endpoint, enabling early detection of exploitation attempts. 5. Engage with the vendor or community to obtain or develop patches or updates addressing this vulnerability as soon as they become available. 6. Perform a security audit of the deer-wms-2 deployment to identify any other potential injection points or weaknesses. 7. Educate system administrators and developers about secure coding practices and the importance of timely patching to prevent similar vulnerabilities.