
CVE-2025-9339: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simple SA SIMPLE.ERP

Severity: High
Tags: Vulnerability, CVE-2025-9339, CWE-89
Published: Tue Oct 21 2025 (10/21/2025, 13:34:32 UTC)
Source: CVE Database V5
Vendor/Project: Simple SA
Product: SIMPLE.ERP

Description

SQL injection vulnerability in the fields of the warehouse document filtering form in SIMPLE.ERP software allows a logged-in user to send a payload of up to 20 characters. The identified use case allows deleting tables with a name of at most 6 characters. We weren't able to identify a way to exfiltrate data within the query character limit. This issue affects SIMPLE.ERP in versions before 6.30@a04.3.

AI-Powered Analysis

Last updated: 10/21/2025, 14:20:33 UTC

Technical Analysis

CVE-2025-9339 is an SQL injection flaw (CWE-89) in the warehouse document filtering form of SIMPLE.ERP by Simple SA. Values typed into the form's filter fields reach the database query without proper neutralization, so any logged-in user can inject SQL. Two constraints shape what an attacker can do with it: each field accepts a payload of at most 20 characters, and within that budget the reporters demonstrated dropping tables whose names are at most 6 characters long. They were not able to find a way to exfiltrate data within the same limit, so the confirmed impact is on integrity and availability rather than confidentiality; treat that as an observation about what the reporters achieved, not as proof that no shorter extraction primitive exists. Exploitation needs an authenticated account but no further privileges and no interaction from another user. The CVSS 4.0 base score is 7.1 (High): network attack vector, low attack complexity, low privileges (an ordinary logged-in account) and no user interaction. All versions before 6.30@a04.3 are affected; the CVE record links no patch, but the affected-version boundary indicates that 6.30@a04.3 contains the fix. The CVE was reserved on 2025-08-22 and published by CERT-PL on 2025-10-21. No exploitation in the wild has been reported. One further inference a defender should draw: a DROP TABLE succeeding from inside a filter query means the application's database account holds DDL rights over the tables it reads, which is more privilege than a filtering query needs.
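The mechanism described above, shown as an added example rather than SIMPLE.ERP's own code: a filter query assembled by string concatenation beside its parameterized form, run against an in-memory SQLite database. The schema, the six-character table name and the 19-character payload are constructed for the illustration; a numeric filter field and a backend that accepts stacked statements are assumptions made here, not details taken from the advisory.

```python
import sqlite3

# Constructed stand-in for a warehouse-document table. This is not SIMPLE.ERP's
# schema; the table name is six characters long to match the limit the
# advisory describes.
SCHEMA = """
CREATE TABLE wh_doc (id INTEGER PRIMARY KEY, doc_no TEXT, qty INTEGER);
INSERT INTO wh_doc VALUES (1, 'WZ/2025/001', 10), (2, 'WZ/2025/002', 5);
"""

FIELD_MAX_LEN = 20  # per-field length cap the advisory reports


def fresh_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def table_exists(con, name):
    row = con.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (name,)
    ).fetchone()
    return row is not None


def filter_docs_vulnerable(con, min_qty):
    """Vulnerable pattern: the form field is spliced into the SQL text.
    executescript() models a backend that runs stacked statements, so a
    second statement hidden in the field executes with the app's privileges."""
    sql = "SELECT id FROM wh_doc WHERE qty >= " + min_qty[:FIELD_MAX_LEN]
    con.executescript(sql)  # SELECT rows are discarded by executescript()


def filter_docs_bound_only(con, min_qty):
    """Parameter binding alone, without any type check: the whole field value
    is compared as data, so it can no longer change the statement's structure."""
    cur = con.execute("SELECT id FROM wh_doc WHERE qty >= ?",
                      (min_qty[:FIELD_MAX_LEN],))
    return [r[0] for r in cur.fetchall()]


def filter_docs_hardened(con, min_qty):
    """Hardened pattern: validate the type, then bind. int() rejects anything
    that is not an integer before the database ever sees it."""
    qty = int(min_qty[:FIELD_MAX_LEN])
    cur = con.execute("SELECT id FROM wh_doc WHERE qty >= ?", (qty,))
    return [r[0] for r in cur.fetchall()]


# Constructed payload (an assumption, not the reported one): a numeric prefix,
# a statement separator and a DROP of a six-character table. 19 characters,
# inside the 20-character cap.
PAYLOAD = "1;DROP TABLE wh_doc"


def demo():
    con = fresh_db()
    filter_docs_vulnerable(con, PAYLOAD)
    dropped = not table_exists(con, "wh_doc")

    con = fresh_db()
    bound_only = filter_docs_bound_only(con, PAYLOAD)  # payload treated as text
    try:
        filter_docs_hardened(con, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "vulnerable_dropped_table": dropped,
        "bound_only_result": bound_only,
        "hardened_rejected_input": rejected,
        "hardened_table_survived": table_exists(con, "wh_doc"),
        "hardened_normal_result": filter_docs_hardened(con, "6"),
    }


if __name__ == "__main__":
    print(demo())
```

The binding-only variant is there to make one point explicit: the type check is defence in depth, but parameter binding by itself already removes the injection, because a bound value is compared as data and SQLite's comparison of an INTEGER column against non-numeric text simply yields no rows.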

Potential Impact

For European organizations running SIMPLE.ERP, the exposure is to the integrity and availability of ERP data, most directly in the warehouse and inventory modules the vulnerable form belongs to. A successful attack deletes database tables, which can halt goods receipt and dispatch, destroy inventory records and take the system down until it is restored. Confidentiality impact is limited by the payload constraint the reporters describe, but losing data outright still disrupts supply-chain operations and financial reporting, and where the affected tables hold personal data it can put the organization in breach of GDPR's requirement to be able to restore availability after an incident. Manufacturing, logistics and retail firms that run warehouse management on the ERP are the most affected. Because any valid login suffices, the realistic attackers are malicious insiders and anyone holding compromised or shared credentials. No exploitation has been reported yet, which leaves a window to patch and harden before that changes.

Mitigation Recommendations

The fix is the vendor's: upgrade SIMPLE.ERP to 6.30@a04.3 or later, the first version outside the affected range. The root-cause remedy, binding the filter values as query parameters (prepared statements) instead of splicing them into the SQL text, can only be applied in the product's code, so it belongs in the conversation with Simple SA rather than on the customer's to-do list; track the vendor's advisories for the official patch and any updated guidance. Until the upgrade is deployed, the following measures reduce exposure, and none of them replaces the patch. Front the application with a WAF or reverse-proxy rule that rejects filter-form submissions containing SQL statement separators, comment sequences or DDL keywords; with a 20-character field cap the attacker has little room for obfuscation, which makes such a rule unusually effective here, but it is still a filter, not a fix. Restrict the application's database account to the DML it needs, since this particular primitive is neutralized if DROP TABLE cannot succeed for that account; coordinate with the vendor first, because ERP installers and upgrade scripts may expect broader rights. Limit who can reach the warehouse document filtering form and require multi-factor authentication, because the only precondition is a valid login and compromised credentials or malicious insiders are the realistic attacker population. Alert on database-side DDL (DROP, ALTER, TRUNCATE) issued by the application account and on application or database errors raised from the filter form; both are anomalous in normal use. Keep tested, restorable backups of the ERP database, since table deletion is the demonstrated impact and recovery time is the variable you control.
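The log-monitoring recommendation, as an added example that is not SIMPLE.ERP's or Simple SA's tooling: a small scanner over application request logs that flags filter-form values carrying stacked statements, quote breaks or comment terminators, and tallies hits per user. The JSON-lines layout, the field names and the sample records are constructed for this example; adapt the parsing to whatever your application or reverse proxy actually records.

```python
import json
import re
from collections import Counter

# Constructed request log in JSON-lines form. The record layout is an assumption
# for this example, not SIMPLE.ERP's real log format.
SAMPLE_LOG = """\
{"ts":"2025-10-21T13:40:01Z","user":"jkowalski","form":"wh_doc_filter","field":"doc_no","value":"WZ/2025/001"}
{"ts":"2025-10-21T13:40:07Z","user":"jkowalski","form":"wh_doc_filter","field":"qty_min","value":"5"}
{"ts":"2025-10-21T13:41:22Z","user":"contractor7","form":"wh_doc_filter","field":"qty_min","value":"1;DROP TABLE wh_doc"}
{"ts":"2025-10-21T13:41:30Z","user":"contractor7","form":"wh_doc_filter","field":"doc_no","value":"' OR 1=1--"}
{"ts":"2025-10-21T13:42:00Z","user":"anowak","form":"wh_doc_filter","field":"doc_no","value":"WZ/2025/002"}
"""

# Three cheap signatures. A 20-character cap leaves no room for encoding tricks,
# so plain patterns are adequate here; against longer fields you would also
# normalize case, URL-decoding and whitespace before matching.
RULES = [
    ("stacked-statement",
     re.compile(r";\s*(drop|delete|alter|truncate|update|insert|exec)\b", re.I)),
    ("quote-break", re.compile(r"'\s*(or|and|;|--)", re.I)),
    ("comment-terminator", re.compile(r"(--|/\*)\s*$")),
]


def classify(value):
    """Return the names of every rule the field value trips (empty if none)."""
    return [name for name, rx in RULES if rx.search(value)]


def scan(log_text):
    """Parse JSON-lines records and return one finding per suspicious value."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        tags = classify(rec["value"])
        if tags:
            findings.append({"ts": rec["ts"], "user": rec["user"],
                             "form": rec["form"], "field": rec["field"],
                             "value": rec["value"], "tags": tags})
    return findings


def offenders(findings):
    """Count findings per user: the accounts to lock and investigate first."""
    return Counter(f["user"] for f in findings)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(h["ts"], h["user"], h["field"], h["tags"], repr(h["value"]))
    print(dict(offenders(hits)))
```

Run it against the real request log of the ERP front end or the reverse proxy in front of it; a single hit from one account is enough to justify disabling that login while the session is investigated, because legitimate filter values for document numbers and quantities never contain these sequences.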


Technical Details

Data Version: 5.1
Assigner Short Name: CERT-PL
Date Reserved: 2025-08-22T07:58:41.809Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68f7932da08cdec9506e3459

Added to database: 10/21/2025, 2:05:33 PM

Last enriched: 10/21/2025, 2:20:33 PM

Last updated: 10/23/2025, 12:22:49 PM

