CVE-2025-9669: SQL Injection in Jinher OA

Medium
Published: Fri Aug 29 2025 (08/29/2025, 19:02:06 UTC)
Source: CVE Database V5
Vendor/Project: Jinher
Product: OA

Description

A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 08/29/2025, 19:32:57 UTC

Technical Analysis

CVE-2025-9669 is a SQL injection vulnerability in Jinher OA version 1.0, in the server-side handling of the GetTreeDate.aspx endpoint. The flaw lies in how the 'ID' request parameter is handled: its value reaches a database query without adequate validation or parameterization, so a remote attacker can alter the structure of the query rather than merely supply a value to it. Depending on the backend and on the database account the application runs under, a successful injection can read data the endpoint was never meant to expose, modify or delete records, or serve as a foothold for further compromise of the host. The CVSS 4.0 base score is 6.9 (medium), reflecting a network attack vector, low attack complexity, and no privileges or user interaction required, combined with low confidentiality, integrity and availability impact ratings; the moderate score comes from those impact ratings, not from any difficulty in reaching the flaw. No exploitation in the wild has been reported, but the exploit has been publicly disclosed, which lowers the bar for opportunistic attacks. Jinher OA is an office automation product, and version 1.0 is the affected release. No vendor patch is referenced in this advisory, so exposed deployments have to rely on compensating controls until one is available.
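As an added example (not code from Jinher OA, whose GetTreeDate.aspx source is not published here), the following Python models the flaw class the advisory describes: the 'ID' argument pasted into a query, beside the type-checked and parameterized form that closes it. The schema, the table and column names, the two payloads and the use of SQLite are assumptions for illustration only; the advisory states neither the product's database engine nor its schema.

```python
"""Added example: modeling the injectable ID parameter and its fix.

Illustrative code written for this page, not Jinher OA's own code. The real
GetTreeDate.aspx handler, its schema and its database engine are not
published in the advisory; the tables below are constructed and the use of
SQLite is an assumption, chosen so the example runs offline.
"""
import re
import sqlite3

# Assumption: a legitimate ID is a plain decimal integer.
ID_FORMAT = re.compile(r"[0-9]{1,10}")


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data: an org tree plus a table the endpoint
    should never expose. The hash values are placeholder strings."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE tree_node (ID INTEGER PRIMARY KEY, Name TEXT, ParentID INTEGER);
        INSERT INTO tree_node VALUES (1, 'Headquarters', NULL);
        INSERT INTO tree_node VALUES (2, 'Finance', 1);
        INSERT INTO tree_node VALUES (3, 'Engineering', 1);
        CREATE TABLE users (UserID INTEGER PRIMARY KEY, Login TEXT, PwdHash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'hash-of-admin-password');
        INSERT INTO users VALUES (2, 'jdoe', 'hash-of-jdoe-password');
        """
    )
    return conn


def get_tree_vulnerable(conn: sqlite3.Connection, id_param: str) -> list:
    """Vulnerable pattern: the request value is concatenated into the SQL
    text, so the attacker controls the WHERE clause and anything after it."""
    sql = "SELECT ID, Name, ParentID FROM tree_node WHERE ID = " + id_param
    return conn.execute(sql).fetchall()


def get_tree_safe(conn: sqlite3.Connection, id_param: str) -> list:
    """Hardened pattern: reject anything that is not a plain integer, then
    bind the value as a query parameter so it can only ever be data."""
    if not ID_FORMAT.fullmatch(id_param):
        raise ValueError("ID must be a positive integer")
    sql = "SELECT ID, Name, ParentID FROM tree_node WHERE ID = ?"
    return conn.execute(sql, (int(id_param),)).fetchall()


def safe_rejects(conn: sqlite3.Connection, id_param: str) -> bool:
    """True if the hardened handler refuses the value outright."""
    try:
        get_tree_safe(conn, id_param)
    except ValueError:
        return True
    return False


# Constructed payloads of the kind "manipulation of the argument ID" refers
# to; they target this demo schema, not the product.
TAUTOLOGY = "1 OR 1=1"
UNION_DUMP = "1 UNION SELECT UserID, Login, PwdHash FROM users"


if __name__ == "__main__":
    db = build_demo_db()
    print("vulnerable, tautology :", get_tree_vulnerable(db, TAUTOLOGY))   # every node
    print("vulnerable, union     :", get_tree_vulnerable(db, UNION_DUMP))  # node 1 plus users rows
    print("safe, ID=2            :", get_tree_safe(db, "2"))
    print("safe rejects tautology:", safe_rejects(db, TAUTOLOGY))
```

The tautology payload turns a single-row lookup into a full table dump, and the UNION payload pulls rows from an unrelated table through the same endpoint, which is why the advisory's "unauthorized access or manipulation of the backend database" follows directly from one unchecked parameter. The hardened version bounds the damage twice: the format check refuses anything that is not an integer before a query is built, and the bound parameter means that even a value which slipped past the check would be compared as data, never parsed as SQL.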

Potential Impact

For European organizations running Jinher OA 1.0, the vulnerability creates a realistic path to unauthorized database access and data breach. Exploitation could expose sensitive corporate data, disrupt business processes that depend on the OA system, and trigger GDPR notification and compliance obligations where personal data is disclosed. Because the attack is remote and requires no credentials, any instance reachable from the internet, or from a compromised internal host, is within an attacker's reach. Organizations that rely on Jinher OA for critical office workflows may face operational disruption if attackers alter or delete data. The public availability of exploit code makes opportunistic, scanner-driven attacks likely, particularly against entities with weak perimeter controls or slow patch management. The medium severity rating reflects the limited impact ratings, not a low likelihood of exploitation; it still warrants prompt attention, since an injection point of this kind is often chained with other weaknesses to reach full compromise.

Mitigation Recommendations

1. Restrict network access to the Jinher OA application, and to the GetTreeDate.aspx endpoint in particular, with IP allow-listing or VPN-only access to limit exposure.
2. Deploy a Web Application Firewall with rules targeting the 'ID' parameter; a positive rule that only admits the expected value format (if IDs are numeric, digits only) is more robust than signature matching alone.
3. Fix the root cause in code: pass the 'ID' argument to the database as a bound parameter in a parameterized query or prepared statement, and enforce its expected type before use. Input filtering on its own is a supplementary control, not a substitute for parameterization.
4. Upgrade to a fixed version of Jinher OA, or apply a vendor patch, as soon as one is available; none is referenced in this advisory.
5. Monitor web server and database logs for requests to GetTreeDate.aspx whose 'ID' value is non-numeric, contains quotes, SQL keywords or comment markers, or that produce unusual database errors.
6. Apply least privilege to the database account the application uses, so that a successful injection cannot read unrelated tables or modify data beyond what the application needs.
7. Brief IT and security teams on this vulnerability and make sure incident response plans cover a web application compromise.
8. Segment or isolate the affected application environment to limit lateral movement after a compromise.
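The WAF and log-monitoring items above share one condition: a request to GetTreeDate.aspx whose 'ID' value is not what the application expects. As an added example that is not part of the advisory or of any vendor tooling, the following Python applies that condition to IIS W3C log lines, undoing repeated percent-encoding first so a double-encoded payload is not missed. The log excerpt is constructed, the request path under /C6/ is invented, and the assumption that a legitimate ID is a plain integer is exactly that, since the advisory gives neither the full URL nor the parameter's format.

```python
"""Added example: flagging injection attempts on the ID parameter in IIS logs.

Illustrative detection code written for this page, not part of Jinher OA or
any vendor product. The log lines are constructed; the path prefix and the
numeric-ID assumption are assumptions, not facts from the advisory.
"""
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed IIS W3C log excerpt. IIS writes User-Agent spaces as '+' and
# an empty query string as '-'. Line 3 carries a double-encoded payload.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-08-29 19:10:01 10.0.0.5 GET /C6/GetTreeDate.aspx ID=12 80 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 200
2025-08-29 19:10:02 10.0.0.5 GET /C6/GetTreeDate.aspx ID=12%27%20OR%201%3D1-- 80 - 203.0.113.7 python-requests/2.32.0 200
2025-08-29 19:10:03 10.0.0.5 GET /C6/GetTreeDate.aspx id=1%2520UNION%2520SELECT%2520UserID%252CLogin%252CPwdHash%2520FROM%2520users 80 - 203.0.113.7 python-requests/2.32.0 200
2025-08-29 19:10:04 10.0.0.5 GET /C6/Login.aspx - 80 - 198.51.100.3 Mozilla/5.0+(Windows+NT+10.0) 200
2025-08-29 19:10:05 10.0.0.5 GET /C6/GetTreeDate.aspx ID=7&lang=en 80 jdoe 198.51.100.3 Mozilla/5.0+(Windows+NT+10.0) 200
"""

TARGET_STEM = "/gettreedate.aspx"          # matched case-insensitively on the path suffix
ID_OK = re.compile(r"[0-9]{1,10}")         # assumption: a legitimate ID is a plain integer

# Secondary tags that describe *how* a non-conforming value looks; the
# primary decision is the positive format check above.
SQLI_PATTERNS = (
    ("quote", re.compile(r"'")),
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("tautology", re.compile(r"\b(or|and)\b\s*\d+\s*=\s*\d+", re.I)),
    ("comment", re.compile(r"--|/\*")),
    ("time-based", re.compile(r"\b(sleep|waitfor|benchmark|pg_sleep)\b", re.I)),
    ("stacked", re.compile(r";\s*\w")),
)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding, a common WAF-evasion trick, with a bound."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_w3c(text: str):
    """Yield one dict per request line, naming columns from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))


def scan_iis_log(text: str) -> list:
    """Return one finding per ID value on the target endpoint that fails the format check."""
    findings = []
    for rec in parse_w3c(text):
        if not rec["cs-uri-stem"].lower().endswith(TARGET_STEM):
            continue
        if rec["cs-uri-query"] == "-":
            continue
        # ASP.NET reads query keys case-insensitively, so normalise the key too.
        params = {k.lower(): v for k, v in
                  parse_qs(rec["cs-uri-query"], keep_blank_values=True).items()}
        for raw in params.get("id", []):
            value = decode_fully(raw)
            if ID_OK.fullmatch(value):
                continue
            tags = [name for name, rx in SQLI_PATTERNS if rx.search(value)] or ["non-numeric"]
            findings.append({
                "time": f"{rec['date']} {rec['time']}",
                "client": rec["c-ip"],
                "id": value,
                "tags": tags,
            })
    return findings


if __name__ == "__main__":
    for f in scan_iis_log(SAMPLE_LOG):
        print(f["time"], f["client"], f["tags"], repr(f["id"]))
```

The same logic transfers to a WAF rule: match the endpoint path, decode the query parameter, and reject any 'ID' value that does not match the expected format, rather than trying to enumerate every SQL keyword an attacker might use. The pattern tags are there to prioritise alerts, not to decide them; a value that trips the format check with no tag at all is still worth a look.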

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-08-29T08:16:20.537Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68b1fcdead5a09ad007a60e2

Added to database: 8/29/2025, 7:17:50 PM

Last enriched: 8/29/2025, 7:32:57 PM

Last updated: 8/29/2025, 7:32:57 PM
