CVE-2025-9411: SQL Injection in lostvip-com ruoyi-go
A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. Manipulation of the argument isAsc leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-9411 is a medium-severity SQL Injection vulnerability identified in the ruoyi-go product developed by lostvip-com, specifically affecting versions 2.0 and 2.1. The vulnerability resides in the SelectPageList function within the LoginInforService.go file, part of the system module. The flaw arises from improper handling of the 'isAsc' argument, which is used to control sorting order in SQL queries. An attacker can manipulate this parameter to inject malicious SQL code, potentially altering the intended query logic. This vulnerability is remotely exploitable without requiring user interaction or authentication, increasing its risk profile. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). Although the vendor was notified early, no response or patch has been provided, and no known exploits have been observed in the wild yet. The public disclosure of the exploit code increases the likelihood of exploitation attempts. The vulnerability can lead to unauthorized data access, data modification, or disruption of service depending on the database and application context. The absence of patches necessitates immediate attention from users of affected versions to mitigate risk.
Potential Impact
For European organizations using ruoyi-go versions 2.0 or 2.1, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of their data and services. Exploitation could allow attackers to extract sensitive information such as user credentials or internal system data, modify records, or disrupt application functionality. Given that ruoyi-go is a framework often used in enterprise applications, the impact could extend to critical business processes, compliance obligations (e.g., GDPR), and customer trust. The remote and unauthenticated nature of the exploit increases the attack surface, especially for internet-facing services. Organizations in sectors with high regulatory scrutiny or handling sensitive personal or financial data are particularly vulnerable. Additionally, the lack of vendor response and patches means that organizations must rely on internal mitigations, increasing operational overhead and risk exposure until a fix is available.
Mitigation Recommendations
1. Immediate mitigation should include implementing Web Application Firewall (WAF) rules to detect and block suspicious SQL injection patterns targeting the 'isAsc' parameter.
2. Conduct thorough input validation and sanitization on all user-supplied parameters, especially those controlling query logic such as sorting order.
3. Employ parameterized queries or prepared statements in the affected codebase to prevent injection attacks.
4. Restrict database user permissions to the minimum necessary to limit the impact of a successful injection.
5. Monitor application logs and database queries for anomalous activity indicative of injection attempts.
6. If possible, isolate or restrict access to the affected service from untrusted networks until a patch or update is available.
7. Engage with the ruoyi-go community or maintainers to track any forthcoming patches or official advisories.
8. Prepare incident response plans specific to SQL injection attacks, including data integrity verification and recovery procedures.

These steps go beyond generic advice by focusing on the specific vulnerable parameter and the current lack of vendor remediation.
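Bind parameters carry values only, so a sort direction or column name cannot be passed as a placeholder; for a parameter like 'isAsc' the input validation has to be an allowlist that maps request text to fixed SQL keywords. The following is an added example, not code from ruoyi-go: the function name, the field-to-column map and the accepted 'asc'/'desc' spellings are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrBadSort marks a sort parameter that is not on the allowlist.
var ErrBadSort = errors.New("sort parameter rejected")

// Hypothetical field-to-column map; use the real table's sortable columns.
var sortColumns = map[string]string{
	"loginTime": "login_time",
	"loginName": "login_name",
}

// Accepted isAsc values (assumed spelling) mapped to fixed SQL keywords.
var sortDirections = map[string]string{"asc": "ASC", "desc": "DESC"}

// OrderByClause builds the ORDER BY fragment from constants only: request
// text selects a map entry and is never copied into the SQL string.
func OrderByClause(orderByColumn, isAsc string) (string, error) {
	if orderByColumn == "" && isAsc == "" {
		return "", nil // no sort requested
	}
	col, ok := sortColumns[orderByColumn]
	if !ok {
		return "", fmt.Errorf("%w: column %q", ErrBadSort, orderByColumn)
	}
	dir := "ASC" // default when only a column is given
	if isAsc != "" {
		if dir, ok = sortDirections[strings.ToLower(strings.TrimSpace(isAsc))]; !ok {
			return "", fmt.Errorf("%w: isAsc %q", ErrBadSort, isAsc)
		}
	}
	return " ORDER BY " + col + " " + dir, nil
}

func main() {
	// Constructed request values: one valid, one carrying extra SQL text.
	for _, isAsc := range []string{"desc", "desc, info_id"} {
		clause, err := OrderByClause("loginTime", isAsc)
		fmt.Printf("isAsc=%q clause=%q err=%v\n", isAsc, clause, err)
	}
}
```

Rejecting the request and logging the raw value on ErrBadSort also gives the monitoring step a precise signal to alert on.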
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-25T08:45:17.485Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ac9ab3ad5a09ad004deceb
Added to database: 8/25/2025, 5:17:39 PM
Last enriched: 8/25/2025, 5:33:04 PM
Last updated: 8/25/2025, 6:39:47 PM