
CVE-2025-8163: SQL Injection in deerwms deer-wms-2

Medium
Tags: Vulnerability, CVE-2025-8163, cve, cve-2025-8163
Published: Fri Jul 25 2025 (07/25/2025, 17:32:09 UTC)
Source: CVE Database V5
Vendor/Project: deerwms
Product: deer-wms-2

Description

A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AI analysis last updated: 07/25/2025, 18:17:46 UTC

Technical Analysis

CVE-2025-8163 is a SQL injection vulnerability in deerwms deer-wms-2 versions up to 3.3. It lies in an unspecified component behind the /system/role/list path, where the params[dataScope] argument is not properly sanitized, so an attacker can inject SQL into the query built from it. According to the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L), the flaw is exploitable remotely with low attack complexity and no user interaction, but it does require low privileges on the application. Confidentiality, integrity, and availability can each be affected to a limited degree (VC:L/VI:L/VA:L), giving a CVSS 4.0 base score of 5.3, a medium severity rating. The exploit has been publicly disclosed, but there are no known reports of exploitation in the wild at this time. The root cause is insufficient input validation on the dataScope parameter, which could let an attacker manipulate backend SQL queries, potentially leading to unauthorized data access, data modification, or denial of service. Because low privileges are required (PR:L), an attacker needs some level of access to the application, though no user interaction or elevated privileges are necessary. The absence of patch or mitigation links suggests that remediation may still be pending or requires manual intervention.

Potential Impact

For European organizations using deer-wms-2 versions 3.0 through 3.3, this vulnerability poses a moderate risk. Given that deer-wms-2 is a warehouse management system, exploitation could lead to unauthorized access or manipulation of inventory, roles, or permissions data, potentially disrupting supply chain operations and logistics. Confidential business data could be exposed or altered, impacting operational integrity and causing financial or reputational damage. The remote exploitability and lack of required user interaction increase the risk of automated attacks. Although the vulnerability requires low-level privileges, insider threats or compromised accounts could leverage this flaw to escalate access or disrupt services. The medium severity rating suggests that while the impact is not catastrophic, it is significant enough to warrant prompt attention, especially in sectors reliant on accurate warehouse management such as manufacturing, retail, and distribution across Europe.

Mitigation Recommendations

Organizations should immediately audit their use of deer-wms-2 and identify any instances running versions 3.0 to 3.3. Since no official patches are currently linked, mitigation should focus on restricting access to the affected endpoint (/system/role/list) by implementing strict network segmentation and access controls, limiting the exposure of the vulnerable interface to trusted users only. Input validation and web application firewalls (WAFs) should be configured to detect and block suspicious SQL injection patterns targeting the params[dataScope] parameter. Monitoring logs for unusual query patterns or access attempts to the vulnerable endpoint is critical. Additionally, organizations should enforce the principle of least privilege to reduce the risk posed by low-privilege accounts. Engaging with the vendor for timely patch releases or applying custom fixes to sanitize inputs may be necessary. Finally, preparing incident response plans to quickly address any exploitation attempts will help minimize impact.
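The log monitoring recommended above can be scripted. The following is an added, illustrative example and not code from this advisory or from the deer-wms-2 project: a small Python detector that scans web-server access-log lines for requests to /system/role/list whose params[dataScope] value carries SQL-injection indicators. The combined log format, the indicator patterns, and the sample log lines are assumptions of this example; only the endpoint path and parameter name come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory for CVE-2025-8163.
VULN_PATH = "/system/role/list"
VULN_PARAM = "params[dataScope]"

# Generic SQL-injection indicators checked against the decoded parameter value.
# These are assumptions of this example, not signatures published with the advisory.
SQLI_PATTERNS = [
    re.compile(r"'"),                                        # quote that can close a string literal
    re.compile(r"(--|#|/\*)"),                               # SQL comment sequences
    re.compile(r"\b(union|select|insert|update|delete|drop|sleep|benchmark)\b", re.I),
    re.compile(r"\b(or|and)\b\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I),  # tautology such as 1=1
    re.compile(r";"),                                        # statement separator
]

# Combined log format: client, ident, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def data_scope_values(target):
    """Return the percent-decoded values of params[dataScope] in a request target ([] if absent)."""
    query = urlsplit(target).query
    # parse_qs decodes both the bracketed key and the value once.
    return parse_qs(query, keep_blank_values=True).get(VULN_PARAM, [])


def classify(line):
    """Parse one access-log line; return a finding dict for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    if urlsplit(target).path != VULN_PATH:
        return None
    hits = []
    for value in data_scope_values(target):
        matched = [p.pattern for p in SQLI_PATTERNS if p.search(value)]
        if matched:
            hits.append({"value": value, "indicators": matched})
    if not hits:
        return None
    return {
        "client": m.group("client"),
        "user": m.group("user"),
        "timestamp": m.group("ts"),
        "status": m.group("status"),
        "hits": hits,
    }


def scan(lines):
    """Run classify() over an iterable of log lines and collect the findings."""
    return [f for f in (classify(line) for line in lines) if f is not None]


# Constructed sample log lines (not real traffic): two benign requests, one suspicious,
# and one with a quote in dataScope against a different path, which this detector ignores.
SAMPLE_LOG = [
    '10.0.0.5 - alice [25/Jul/2025:17:40:01 +0000] "GET /system/role/list?roleName=admin&pageNum=1 HTTP/1.1" 200 812',
    '10.0.0.5 - alice [25/Jul/2025:17:40:09 +0000] "GET /system/role/list?params%5BdataScope%5D=1 HTTP/1.1" 200 812',
    '198.51.100.7 - bob [25/Jul/2025:17:41:30 +0000] "GET /system/role/list?params%5BdataScope%5D=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120',
    '10.0.0.9 - carol [25/Jul/2025:17:42:02 +0000] "GET /system/user/list?params%5BdataScope%5D=%27 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs only capture query strings, so if the endpoint also accepts the parameter in a POST body, the same indicator check has to run where the body is visible, such as a WAF or the application's own request logging. Pairing the finding with the authenticated user, as the log's user field allows, supports the least-privilege review the recommendations call for.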


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-25T07:00:27.324Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6883c6c5ad5a09ad0055a67e

Added to database: 7/25/2025, 6:02:45 PM

Last enriched: 7/25/2025, 6:17:46 PM

Last updated: 7/26/2025, 8:04:28 AM

Views: 7
