CVE-2025-8345: SQL Injection in Shanghai Lingdang Information Technology Lingdang CRM
A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this vulnerability is the function delete_user of the file crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. Manipulation of the argument function leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.6.5.2 addresses this issue. It is recommended to upgrade the affected component.
AI Analysis
Technical Summary
CVE-2025-8345 is a SQL Injection vulnerability identified in Shanghai Lingdang Information Technology's Lingdang CRM software versions up to 8.6.4.7. The flaw resides specifically in the delete_user function within the crm/WeiXinApp/yunzhijia/yunzhijiaApi.php file. The vulnerability arises due to improper sanitization or validation of the 'function' argument, which allows an attacker to inject malicious SQL code. This injection can be exploited remotely without requiring user interaction or prior authentication, making it a significant risk. Successful exploitation could allow an attacker to manipulate the backend database, potentially leading to unauthorized data access, modification, or deletion. The disclosed CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P) indicates network attack vector, low attack complexity, no user interaction, and partial impacts on confidentiality, integrity, and availability. Although the CVSS score is 5.3 (medium severity), the exploitability is relatively straightforward given the lack of required user interaction and network accessibility. The vendor has released version 8.6.5.2 which addresses this vulnerability, and upgrading is strongly recommended to mitigate risk. No known exploits are currently reported in the wild, but public disclosure of the exploit code increases the likelihood of active exploitation attempts.
Potential Impact
For European organizations using Lingdang CRM, this vulnerability poses a risk of unauthorized database access and manipulation, which can lead to data breaches, loss of sensitive customer information, and disruption of CRM operations. Given that CRM systems often contain critical business and customer data, exploitation could result in significant confidentiality and integrity losses, impacting customer trust and regulatory compliance, especially under GDPR. The ability to remotely exploit this vulnerability without authentication increases the threat level, potentially allowing attackers to compromise systems from external networks. This could also facilitate lateral movement within corporate networks if the CRM is integrated with other internal systems. The medium CVSS score suggests moderate impact, but the real-world consequences could be severe depending on the data stored and the organization's reliance on the affected CRM system.
Mitigation Recommendations
Organizations should immediately upgrade Lingdang CRM to version 8.6.5.2 or later to remediate the vulnerability. Until the upgrade is applied, it is advisable to implement network-level protections such as restricting access to the CRM application to trusted IP addresses or VPN-only access. Web application firewalls (WAFs) should be configured to detect and block SQL injection attempts targeting the vulnerable API endpoint. Regularly audit and monitor CRM logs for unusual database queries or access patterns indicative of exploitation attempts. Additionally, conduct internal penetration testing focusing on the delete_user function and related API calls to verify the effectiveness of applied mitigations. Organizations should also ensure that database accounts used by the CRM have the least privileges necessary to limit the impact of any successful injection. Finally, maintain up-to-date backups of CRM data to enable recovery in case of data corruption or deletion.
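The log-monitoring recommendation above can be made concrete. The following is an added example, not code from the advisory or from Lingdang CRM: it scans web-server access logs for requests to the affected endpoint whose `function` parameter is not a plain identifier, on the assumption (mine, not the page's) that legitimate API function names match `^[A-Za-z_][A-Za-z0-9_]*$`. The log lines are constructed samples in combined log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [31/Jul/2025:14:47:57 +0000] "GET /crm/WeiXinApp/yunzhijia/yunzhijiaApi.php?function=get_user&uid=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [31/Jul/2025:14:48:03 +0000] "GET /crm/WeiXinApp/yunzhijia/yunzhijiaApi.php?function=delete_user' HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.9 - - [31/Jul/2025:14:48:10 +0000] "GET /crm/WeiXinApp/yunzhijia/yunzhijiaApi.php?function=delete_user%27%3B HTTP/1.1" 500 0 "-" "curl/8.0"
198.51.100.9 - - [31/Jul/2025:14:48:20 +0000] "GET /crm/index.php?module=Contacts HTTP/1.1" 200 2048 "-" "curl/8.0"
"""

# Endpoint named in the advisory (path is relative to the web root here).
VULNERABLE_PATH = "/crm/WeiXinApp/yunzhijia/yunzhijiaApi.php"

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Assumption: a legitimate API function name is a bare identifier. Anything else
# (quotes, semicolons, spaces, comment markers) is worth an alert.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def flag_suspicious(log_text):
    """Return one alert dict per request to the affected endpoint whose
    'function' parameter is not a plain identifier."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        if url.path != VULNERABLE_PATH:
            continue
        # parse_qs percent-decodes values, so %27 (') and %3B (;) are caught too.
        for value in parse_qs(url.query).get("function", []):
            if not IDENT_RE.match(value):
                alerts.append({"ip": m["ip"], "ts": m["ts"],
                               "status": int(m["status"]), "function": value})
    return alerts


if __name__ == "__main__":
    for alert in flag_suspicious(SAMPLE_LOG):
        print(alert)
```

Correlating the flagged client with the CRM user session it used is worthwhile, since the published CVSS vector (PR:L) implies the request is made from a low-privileged account.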
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-30T09:53:51.155Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 688b821dad5a09ad00b8e788
Added to database: 7/31/2025, 2:47:57 PM
Last enriched: 7/31/2025, 3:02:54 PM
Last updated: 8/3/2025, 12:37:24 AM
Related Threats
- CVE-2025-8498: SQL Injection in code-projects Online Medicine Guide (Medium)
- CVE-2025-8497: SQL Injection in code-projects Online Medicine Guide (Medium)
- CVE-2025-8496: SQL Injection in projectworlds Online Admission System (Medium)
- CVE-2025-52133: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xwiki-contrib Mocca Calendar (Medium)
- CVE-2025-52132: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xwiki-contrib Mocca Calendar (Medium)