
CVE-2025-8220: SQL Injection in Engeman Web

Medium
Type: Vulnerability. Tags: CVE-2025-8220, cve
Published: Sun Jul 27 2025 (07/27/2025, 03:02:05 UTC)
Source: CVE Database V5
Vendor/Project: Engeman
Product: Web

Description

A vulnerability has been found in Engeman Web up to 12.0.0.2. The affected element is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox as part of Cookie leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.0.3 is sufficient to fix this issue. Upgrading the affected component is advised. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

AI analysis last updated: 10/12/2025, 03:34:25 UTC

Technical Analysis

CVE-2025-8220 is a SQL injection vulnerability in Engeman Web, affecting versions up to and including 12.0.0.2. The flaw is in the Password Recovery Page component, at the /Login/RecoveryPass endpoint. The injection point is not a form field or query parameter but the LanguageCombobox value carried in the Cookie header: the application incorporates that value into a SQL statement without validating it or binding it as a parameter, so a crafted cookie changes the query the database executes. Cookie-borne injection deserves emphasis because many input filters, WAF policies and log pipelines inspect only query strings and request bodies. The cookie is entirely client-controlled and the password-recovery page is reachable before login, so the attack is remote and needs neither credentials nor user interaction. Depending on the query context and the privileges of the database account the application uses, successful exploitation could allow an attacker to read, modify or delete data in the backend database, with data theft, unauthorized access or denial of service as possible outcomes. Version 12.0.0.3 is reported to fix the issue; because the vendor did not respond to the disclosure, no vendor description of the fix is available, and the nature of the correction is not public. The CVSS v4.0 score of 6.9 (medium) reflects the low attack complexity and the potential impact on confidentiality, integrity and availability. No exploitation in the wild has been reported so far, but the exploit has been publicly disclosed, which raises the likelihood of opportunistic attacks against exposed instances.
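The following is an added illustration of the vulnerable pattern the analysis describes, next to a hardened version; it is not Engeman's code. The schema, table names, cookie contents and the exact query are constructed assumptions, since only the injection point (the LanguageCombobox cookie on /Login/RecoveryPass) is public. SQLite stands in for the real database engine, and the cookie jar is shown as the dictionary a web framework would hand the handler after parsing the Cookie header.

```python
import sqlite3

# Constructed schema standing in for the application's database. Engeman's real
# tables and queries are not public; only the injection point is.
SCHEMA = """
CREATE TABLE languages (code TEXT PRIMARY KEY, label TEXT);
INSERT INTO languages VALUES ('pt-BR', 'Portugues'), ('en-US', 'English');
CREATE TABLE users (login TEXT, password_hash TEXT);
INSERT INTO users VALUES ('admin', '$2b$12$constructed.hash.value');
"""
# Assumed allowlist of language codes the page actually supports.
SUPPORTED_LANGUAGES = {"pt-BR", "en-US"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


DB = make_db()


def recovery_page_vulnerable(conn, cookies):
    """Vulnerable pattern: the cookie value is concatenated into the SQL text."""
    lang = cookies.get("LanguageCombobox", "en-US")
    sql = "SELECT label FROM languages WHERE code = '" + lang + "'"
    return [row[0] for row in conn.execute(sql)]


def recovery_page_fixed(conn, cookies):
    """Hardened version: allowlist the value, then bind it as a parameter.
    Either measure alone would stop this injection; together they also keep
    unexpected values out of the application's logic."""
    lang = cookies.get("LanguageCombobox", "en-US")
    if lang not in SUPPORTED_LANGUAGES:
        lang = "en-US"  # unknown or hostile value: fall back, never interpolate
    return [row[0] for row in conn.execute(
        "SELECT label FROM languages WHERE code = ?", (lang,))]


def query_fails(conn, cookies):
    """True when the cookie value breaks the vulnerable query's syntax, i.e. the
    server would answer with an error page. A lone quote is the classic first
    probe an attacker sends, and a 500 on this endpoint is worth alerting on."""
    try:
        recovery_page_vulnerable(conn, cookies)
        return False
    except sqlite3.OperationalError:
        return True


# Constructed cookie jars as the server sees them after parsing the Cookie header.
BENIGN_COOKIES = {"sid": "k3j2", "LanguageCombobox": "pt-BR"}
PROBE_COOKIES = {"sid": "k3j2", "LanguageCombobox": "pt-BR'"}
# The trailing WHERE '1'='1 absorbs the closing quote the template appends, so the
# statement stays syntactically valid and the UNION row comes back as a "label".
INJECTED_COOKIES = {"sid": "k3j2", "LanguageCombobox":
                    "x' UNION SELECT login || ':' || password_hash "
                    "FROM users WHERE '1'='1"}

if __name__ == "__main__":
    print(recovery_page_vulnerable(DB, BENIGN_COOKIES))    # ['Portugues']
    print(query_fails(DB, PROBE_COOKIES))                  # True
    print(recovery_page_vulnerable(DB, INJECTED_COOKIES))  # ['admin:$2b$12$constructed.hash.value']
    print(recovery_page_fixed(DB, INJECTED_COOKIES))       # ['English']
```

The fixed handler treats the cookie exactly like any other untrusted input: the value is checked against a closed set of language codes and, separately, passed to the driver as a bound parameter rather than spliced into the statement text. Note that the injected value contains no semicolon, so it survives cookie parsing intact; nothing about the cookie transport makes the payload harder to deliver than a query-string one.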

Potential Impact

For European organizations, this vulnerability poses a direct risk of unauthorized data access, data manipulation and service disruption. Organizations holding personal data, financial records or operational information in an Engeman Web database could suffer confidentiality and integrity breaches, with the GDPR notification and liability consequences that follow, plus reputational and financial damage. Because the vulnerable page is reachable before login and the payload travels in a cookie, any instance exposed to the internet can be attacked without insider access, and the public availability of the exploit lowers the skill required. Where Engeman Web supports critical infrastructure or public-sector operations, the impact can extend to operational disruption. The medium severity rating indicates a serious but not catastrophic threat; the practical priority is timely patching and monitoring of the affected endpoint.

Mitigation Recommendations

European organizations should upgrade Engeman Web to version 12.0.0.3 or later without delay. Because the vendor did not respond to the disclosure, verify the fix yourself after upgrading: send a request to /Login/RecoveryPass with a deliberately malformed LanguageCombobox cookie (a trailing single quote is enough) and confirm the response is the same as for a valid value, with no server error. Until patching is complete, deploy web application firewall rules that inspect the Cookie header, not only query and body parameters, and block or flag requests whose LanguageCombobox value is not one of the language codes the deployment actually uses; an allowlist is more robust than a denylist of SQL keywords. Make sure the Cookie header, or at least this cookie, is captured in access logs for the /Login/RecoveryPass endpoint, and alert on database errors, HTTP 5xx responses and anomalous request volumes there. Restrict access to the password recovery page to trusted networks where the business allows it, and run the application against the database with a least-privilege account so that a successful injection cannot read or alter tables beyond what the page needs. Use database activity monitoring to detect queries that do not match the application's normal patterns, such as UNION statements or reads of the user table from the recovery page. Audit other user-supplied inputs, cookies included, for the same concatenation pattern, keep watching vendor channels for further updates, and ensure the security operations team knows what exploitation of this endpoint looks like so it is recognized and escalated.
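As an added example of the log monitoring recommended above, the following detector runs over constructed access-log lines and flags requests whose LanguageCombobox cookie falls outside an assumed allowlist of language codes, giving extra weight to hits on /Login/RecoveryPass and to server errors there. It is not part of the original advisory or of any vendor tooling; the log format (combined log with the raw Cookie header appended as a final quoted field, as nginx can do with $http_cookie), the allowlist pattern and the sample lines are all assumptions.

```python
import re
from urllib.parse import unquote

# Assumed log layout: combined log format followed by the raw Cookie header in quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<cookie>.*)"$'
)
RECOVERY_PATH = "/login/recoverypass"  # compared case-insensitively
# Assumed shape of a legitimate language code (pt-BR, en-US, es). Adjust to what
# your deployment really emits; an allowlist is the primary signal here.
LANG_OK = re.compile(r"^[A-Za-z]{2}(-[A-Za-z]{2})?$")
# Secondary signal: characters and keywords that only appear in injection payloads.
SQL_MARKERS = re.compile(r"'|--|;|/\*|\b(union|select|sleep|waitfor|benchmark)\b", re.I)


def parse_cookie(header):
    """Minimal lenient Cookie header parser: split on ';', then on the first '='."""
    jar = {}
    for part in header.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            jar[key.strip()] = value.strip()
    return jar


def inspect_line(line):
    """Return a finding dict for a suspicious line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw = parse_cookie(m["cookie"]).get("LanguageCombobox")
    if raw is None:
        return None
    value = unquote(raw)  # attackers usually percent-encode the payload in the cookie
    reasons = []
    if not LANG_OK.match(value):
        reasons.append("not_in_allowlist")
    if SQL_MARKERS.search(value):
        reasons.append("sql_metacharacters")
    if not reasons:
        return None
    # The cookie rides on every request; the vulnerable sink is the recovery page.
    if m["path"].split("?", 1)[0].lower() == RECOVERY_PATH:
        reasons.append("recovery_endpoint")
    if m["status"].startswith("5"):
        reasons.append("server_error")  # typical of an error-based probe
    return {"ip": m["ip"], "ts": m["ts"], "path": m["path"],
            "status": m["status"], "value": value, "reasons": reasons}


def detect(lines):
    return [f for f in (inspect_line(line) for line in lines) if f]


# Constructed sample log lines (addresses from the documentation range 203.0.113.0/24).
SAMPLE_LOG = [
    '203.0.113.10 - - [27/Jul/2025:03:10:01 +0000] "GET /Login/RecoveryPass HTTP/1.1" 200 5120 '
    '"sid=k3j2; LanguageCombobox=pt-BR"',
    '203.0.113.10 - - [27/Jul/2025:03:10:05 +0000] "POST /Login/RecoveryPass HTTP/1.1" 500 312 '
    '"LanguageCombobox=pt-BR\'; sid=k3j2"',
    '203.0.113.10 - - [27/Jul/2025:03:10:09 +0000] "POST /Login/RecoveryPass HTTP/1.1" 200 5301 '
    '"sid=k3j2; LanguageCombobox=x%27%20UNION%20SELECT%20login%7C%7C%27%3A%27%7C%7C'
    'password_hash%20FROM%20users%20WHERE%20%271%27%3D%271"',
    '203.0.113.22 - - [27/Jul/2025:03:11:40 +0000] "GET /Home/Index HTTP/1.1" 200 8800 '
    '"LanguageCombobox=en-US; sid=q9x1"',
    '203.0.113.22 - - [27/Jul/2025:03:11:44 +0000] "GET /Home/Index HTTP/1.1" 200 8800 '
    '"LanguageCombobox=en-US%27%20OR%201%3D1--; sid=q9x1"',
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding["ts"], finding["ip"], finding["path"], finding["status"],
              ",".join(finding["reasons"]), repr(finding["value"]))
```

The sequence in the sample, a 500 on the recovery page caused by a lone quote followed shortly by a UNION payload from the same address, is the signature to look for; a single flagged request is worth a ticket, that pair is worth an incident. Percent-decoding before matching matters because the allowlist check would otherwise still fire but the keyword check would not, and the decoded value is what ends up in the query.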


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-26T08:58:22.562Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68859dd9ad5a09ad006c8a5e

Added to database: 7/27/2025, 3:32:41 AM

Last enriched: 10/12/2025, 3:34:25 AM

Last updated: 10/29/2025, 12:48:50 PM

Views: 71


