
CVE-2025-9391: SQL Injection in Bjskzy Zhiyou ERP

Severity: Medium
Published: Sun Aug 24 2025 (08/24/2025, 14:32:10 UTC)
Source: CVE Database V5
Vendor/Project: Bjskzy
Product: Zhiyou ERP

Description

A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. Manipulation of the argument sql causes SQL injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 08/24/2025, 15:02:49 UTC

Technical Analysis

CVE-2025-9391 is a medium-severity SQL Injection vulnerability affecting Bjskzy Zhiyou ERP version 11.0. The flaw resides in the getFieldValue function of the com.artery.workflow.ServiceImpl component. Specifically, the vulnerability arises from improper sanitization or validation of the 'sql' argument passed to this function, allowing an attacker to inject malicious SQL commands. The CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L) indicates that the injection can be performed remotely, with low attack complexity and no user interaction, by an account holding only low privileges. The vulnerability impacts confidentiality, integrity, and availability to a limited extent (VC:L/VI:L/VA:L), meaning that an attacker could potentially read, modify, or disrupt data within the ERP system but with some constraints. The vendor has not responded to the disclosure, and no official patches are currently available. Although no known exploits in the wild have been reported yet, the exploit code has been publicly released, increasing the risk of exploitation. The ERP system is a critical business application managing enterprise resources, so exploitation could lead to unauthorized data access, data corruption, or operational disruption within affected organizations. The vulnerability's medium severity score (5.3) reflects the balance between ease of exploitation and the limited scope of impact due to the required privileges (PR:L) and the partial impact on data confidentiality and integrity.
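The root cause described above is a lookup helper that takes SQL text from its caller. The following Python example is added here to illustrate that design flaw next to a hardened alternative; it is not Zhiyou ERP code (the real getFieldValue is Java and its signature is not published on this page). The function names get_field_value_unsafe and get_field_value_safe, the "invoices" and "users" tables, the sample rows and the ALLOWED_FIELDS map are all constructed for the example.

```python
# Added example (not Bjskzy/Zhiyou ERP code): a lookup helper that accepts
# SQL text from its caller (the anti-pattern CVE-2025-9391 describes),
# placed beside a hardened version that accepts only a field name and a
# record id. All table, column and function names are hypothetical.
import sqlite3

# Allow-list of table -> queryable columns. Identifiers cannot be bound as
# query parameters, so they have to be checked against a fixed list.
ALLOWED_FIELDS = {
    "invoices": {"customer", "amount", "status"},
}


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data standing in for ERP tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer TEXT,
                               amount REAL, status TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT);
        INSERT INTO invoices VALUES (1, 'ACME GmbH', 1200.50, 'open');
        INSERT INTO invoices VALUES (2, 'Globex SA', 75.00, 'paid');
        INSERT INTO users VALUES (1, 'admin', 'hash-placeholder');
        """
    )
    return conn


def get_field_value_unsafe(conn: sqlite3.Connection, sql: str):
    """Anti-pattern: the caller supplies the whole statement, so whoever can
    reach this function decides what the database executes."""
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def get_field_value_safe(conn: sqlite3.Connection, table: str, field: str,
                         record_id: int):
    """Hardened version: identifiers come from an allow-list, the only
    caller-controlled value is bound as a parameter, and its type is checked."""
    if table not in ALLOWED_FIELDS or field not in ALLOWED_FIELDS[table]:
        raise ValueError(f"field {table}.{field} is not queryable")
    if not isinstance(record_id, int) or isinstance(record_id, bool):
        raise TypeError("record_id must be an integer")
    # Identifiers are now known-safe literals; the id travels as a bound value.
    query = f'SELECT "{field}" FROM "{table}" WHERE id = ?'
    row = conn.execute(query, (record_id,)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Run both helpers against the sample data and collect the outcomes."""
    conn = build_demo_db()
    out = {}
    # A legitimate lookup works through the hardened path.
    out["safe_customer"] = get_field_value_safe(conn, "invoices", "customer", 1)
    # The unsafe helper runs whatever text it is handed: a query against a
    # table the workflow was never meant to touch goes through unchanged.
    out["unsafe_other_table"] = get_field_value_unsafe(
        conn, "SELECT login FROM users WHERE id = 1")
    # The hardened helper has no way to express that request.
    try:
        get_field_value_safe(conn, "users", "login", 1)
        out["safe_other_table"] = "allowed"
    except ValueError:
        out["safe_other_table"] = "rejected"
    # A non-integer id is refused before any SQL text is built.
    try:
        get_field_value_safe(conn, "invoices", "customer", "1 OR 1=1")
        out["safe_bad_id"] = "allowed"
    except TypeError:
        out["safe_bad_id"] = "rejected"
    return out


if __name__ == "__main__":
    print(demo())
```

The design point is that the hardened helper's interface cannot carry a statement at all: the caller chooses from an allow-list of identifiers and supplies a typed value that is bound as a parameter, so the set of statements the database can ever see is fixed at code-review time.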

Potential Impact

For European organizations using Bjskzy Zhiyou ERP 11.0, this vulnerability poses a significant risk to business operations and data security. Successful exploitation could lead to unauthorized access to sensitive business data, including financial records, employee information, and operational workflows. Data integrity could be compromised, potentially causing erroneous business decisions or compliance violations under GDPR and other data protection regulations. Availability impacts could disrupt critical ERP functions, affecting supply chain management, inventory control, and customer service. Given the ERP's role in enterprise management, exploitation could also facilitate lateral movement within corporate networks, increasing the risk of broader compromise. The lack of vendor response and absence of patches heighten the urgency for European organizations to implement mitigations proactively. Additionally, the public availability of exploit code increases the likelihood of opportunistic attacks targeting vulnerable ERP deployments in Europe.

Mitigation Recommendations

European organizations should immediately conduct an inventory to identify any deployments of Bjskzy Zhiyou ERP version 11.0. In the absence of vendor patches, organizations should implement the following mitigations:

1) Apply strict input validation and sanitization at the application or database layer to filter and block malicious SQL inputs targeting the getFieldValue function.
2) Employ Web Application Firewalls (WAFs) with custom rules designed to detect and block SQL injection patterns specific to this vulnerability.
3) Restrict database user privileges associated with the ERP application to the minimum necessary, limiting the potential impact of injection attacks.
4) Monitor ERP logs and network traffic for unusual queries or access patterns indicative of exploitation attempts.
5) Segment the ERP system network to reduce exposure and lateral movement risks.
6) Consider deploying runtime application self-protection (RASP) solutions if available.
7) Engage with the vendor or community for updates and patches, and plan for an upgrade once a fix is released.
8) Educate IT and security teams about this vulnerability and the importance of rapid detection and response.
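As a concrete form of mitigation 4, the added Python example below reviews application log lines for SQL reaching the lookup function that departs from the one statement shape the workflow component is expected to issue. It is not from the advisory or the vendor: the log format, the wf_task table, the source addresses and every sample line are constructed for this example, since the real Zhiyou ERP log format is not documented here. The baseline check (anything that is not `SELECT <column> FROM <table> WHERE id=<number>`) does the detection; the keyword indicators only label why a line was flagged, because a keyword list on its own is easy to evade.

```python
# Added example (not from the advisory or the vendor): flag lookups whose
# SQL departs from the expected baseline statement shape. Log format,
# table names, addresses and sample lines are constructed for this example.
import re

# Constructed sample lines; each records the 'sql' argument a request
# handed to the lookup function.
SAMPLE_LOG = """\
2025-08-24T14:30:01Z INFO  workflow getFieldValue src=10.0.5.21 sql="SELECT title FROM wf_task WHERE id=41"
2025-08-24T14:30:07Z INFO  workflow getFieldValue src=10.0.5.21 sql="SELECT owner FROM wf_task WHERE id=42"
2025-08-24T14:31:15Z INFO  workflow getFieldValue src=203.0.113.9 sql="SELECT owner FROM wf_task WHERE id=42 UNION SELECT 1"
2025-08-24T14:31:16Z INFO  workflow getFieldValue src=203.0.113.9 sql="SELECT owner FROM wf_task WHERE id=42; SELECT 1"
2025-08-24T14:31:20Z INFO  workflow getFieldValue src=203.0.113.9 sql="SELECT owner FROM wf_task WHERE id=42 -- "
2025-08-24T14:32:02Z INFO  workflow getFieldValue src=10.0.5.30 sql="SELECT status FROM wf_task WHERE id=7"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) \S+\s+workflow getFieldValue src=(?P<src>\S+) sql="(?P<sql>.*)"$'
)

# Baseline: the only statement shape the workflow component should issue.
# Anything else is reported, which also catches variants no keyword list names.
BASELINE_RE = re.compile(
    r'^SELECT [A-Za-z_][A-Za-z0-9_]* FROM [A-Za-z_][A-Za-z0-9_]* WHERE id=\d+$'
)

# Secondary indicators, used only to label why a line was flagged.
INDICATORS = {
    "stacked-statement": re.compile(r';'),
    "set-operation": re.compile(r'\bUNION\b', re.I),
    "comment-sequence": re.compile(r'--|/\*'),
}


def parse_line(line: str):
    """Return (timestamp, source, sql) or None if the line is not a lookup."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("ts"), m.group("src"), m.group("sql")


def classify(sql: str) -> list:
    """Empty list means the query matches the baseline; otherwise the reasons."""
    if BASELINE_RE.match(sql):
        return []
    reasons = [name for name, rx in INDICATORS.items() if rx.search(sql)]
    return reasons or ["off-baseline"]


def scan(log_text: str) -> list:
    """Flag every lookup whose SQL departs from the baseline shape."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, sql = parsed
        reasons = classify(sql)
        if reasons:
            findings.append({"ts": ts, "src": src, "reasons": reasons})
    return findings


def sources_by_count(findings: list) -> dict:
    """Count flagged lookups per source address, to spot a single noisy client."""
    counts = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for f in found:
        print(f)
    print(sources_by_count(found))
```

In practice the baseline expression is derived from the queries the application legitimately issues (take it from a clean period of logs), and the per-source count feeds a threshold alert; the same baseline, expressed as a positive match rule, is also what a WAF rule for mitigation 2 should enforce rather than a list of forbidden keywords.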


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-08-23T15:32:39.258Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68ab260dad5a09ad0030750f

Added to database: 8/24/2025, 2:47:41 PM

Last enriched: 8/24/2025, 3:02:49 PM

Last updated: 8/24/2025, 5:50:56 PM

