CVE-2025-8929: SQL Injection in code-projects Medical Store Management System
A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-8929 is a medium severity SQL Injection vulnerability identified in version 1.0 of the code-projects Medical Store Management System, specifically within the MainPanel.java file. The vulnerability arises from improper sanitization or validation of the 'searchTxt' input parameter, which is used directly in SQL queries. This flaw allows an unauthenticated remote attacker to manipulate the SQL query logic by injecting malicious SQL code through the 'searchTxt' argument. The vulnerability does not require user interaction and can be exploited over the network without authentication, increasing its risk profile. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The scope remains unchanged (S:N). Although no known exploits are currently reported in the wild, the public disclosure of the exploit code increases the likelihood of exploitation attempts. The vulnerability could allow attackers to extract sensitive data, modify or delete records, or disrupt the availability of the medical store management system's database, potentially impacting patient data and operational continuity.
Potential Impact
For European organizations using the affected Medical Store Management System version 1.0, this vulnerability poses significant risks. Medical stores and healthcare providers rely heavily on accurate and secure management of patient prescriptions, inventory, and transaction data. Exploitation could lead to unauthorized disclosure of sensitive patient information, violating GDPR and other data protection regulations, resulting in legal and financial penalties. Data integrity could be compromised, leading to incorrect medication dispensing or inventory errors, which can have direct patient safety implications. Availability impacts could disrupt store operations, causing delays in medication provision. The medium severity rating suggests a moderate but tangible risk, especially given the critical nature of healthcare data. Organizations may face reputational damage and operational disruptions if the vulnerability is exploited.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately upgrade to a patched version of the Medical Store Management System once available from the vendor. In the absence of an official patch, implement input validation and parameterized queries or prepared statements to sanitize the 'searchTxt' input and prevent SQL injection. Employ Web Application Firewalls (WAFs) configured to detect and block SQL injection patterns targeting the application. Conduct thorough code reviews focusing on database query construction to identify and remediate similar injection points. Restrict database user permissions to the minimum necessary to limit the impact of a potential injection attack. Monitor application logs for unusual query patterns or repeated failed attempts that may indicate exploitation attempts. Additionally, ensure regular backups of the database to enable recovery in case of data corruption or deletion.
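The following is an added illustration, not the project's own MainPanel.java code: the table name `medicine`, its columns, and the method names are assumptions. It places the string-concatenation pattern that CVE-2025-8929 describes for `searchTxt` beside the prepared-statement version the recommendations above call for, including escaping of LIKE wildcards, which parameter binding alone does not handle.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

// Hypothetical class; not code from the Medical Store Management System.
public class MedicineSearch {

    // Vulnerable pattern: the raw text of the search box becomes part of the
    // SQL string, so the caller controls query structure, not just a value.
    static List<String> searchUnsafe(Connection conn, String searchTxt)
            throws SQLException {
        String sql = "SELECT name FROM medicine WHERE name LIKE '%"
                + searchTxt + "%'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return collectNames(rs);
        }
    }

    // Fixed pattern: the SQL text is constant; searchTxt is bound as a value,
    // so quotes and keywords inside it are treated as plain characters.
    static List<String> searchSafe(Connection conn, String searchTxt)
            throws SQLException {
        if (searchTxt == null || searchTxt.length() > 64) {
            throw new IllegalArgumentException("search text missing or too long");
        }
        String sql = "SELECT name FROM medicine WHERE name LIKE ? ESCAPE '!'";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, "%" + escapeLike(searchTxt) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                return collectNames(rs);
            }
        }
    }

    // Binding stops injection but not LIKE wildcards; escape them so a bare
    // "%" or "_" cannot widen a narrow search into a full-table listing.
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    private static List<String> collectNames(ResultSet rs) throws SQLException {
        List<String> names = new ArrayList<>();
        while (rs.next()) {
            names.add(rs.getString("name"));
        }
        return names;
    }
}
```

Pair the prepared statement with a database account limited to SELECT on the tables the search needs, as the recommendations above note, so a remaining injection point elsewhere cannot modify or delete records.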
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-13T11:26:33.530Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 689d0f0cad5a09ad005499d5
Added to database: 8/13/2025, 10:17:48 PM
Last enriched: 8/21/2025, 1:13:20 AM
Last updated: 9/26/2025, 1:43:29 PM