CVE-2025-57140
Unknown · Unknown Multiple Products
A critical SQL Injection vulnerability, identified as CVE-2025-57140, exists within the rsbi-pom component, affecting multiple products.
Executive summary
CVE-2025-57140 is a critical SQL injection flaw in the rsbi-pom 4.7 component, which is embedded in several products. An unauthenticated remote attacker can supply crafted input that the backend database executes as SQL, putting the confidentiality, integrity, and availability of every table reachable by the application's database account at risk.
Vulnerability
The flaw is a classic SQL injection in the /bi/service/model/DatasetService endpoint of products built on rsbi-pom 4.7. A request to this endpoint carries user-supplied input that the application concatenates into a database query without parameterization or escaping, so SQL syntax placed in that input (for example a closing quote followed by UNION SELECT, or a trailing comment sequence) becomes part of the statement and is executed by the database server with the privileges of the application's database account. Depending on those privileges and on the database engine, a successful exploit lets an unauthenticated attacker bypass application-level access controls, read, modify, or delete sensitive data, and, where the account holds elevated rights, extend to administrative control of the database or the host it runs on.
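To make the mechanism concrete, the following is an added example and not rsbi-pom's code: a hypothetical dataset lookup written the vulnerable way (input spliced into the SQL text) beside the hardened way (input passed as a bound parameter), run against a constructed in-memory SQLite table. The table schema, column names and the `find_dataset_*` functions are assumptions for illustration only; the UNION payload is the generic technique the paragraph describes, not a reproduction of the advisory's specific request.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory catalogue standing in for a BI dataset
    table. Illustrative schema only, not rsbi-pom's."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE dataset (id INTEGER, name TEXT, owner TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO dataset VALUES (?, ?, ?, ?)",
        [
            (1, "sales_2024", "alice", "public"),
            (2, "payroll", "hr", "restricted"),
            (3, "customers", "crm", "pii"),
        ],
    )
    return conn


def find_dataset_vulnerable(conn: sqlite3.Connection, name: str):
    """Vulnerable pattern: the request parameter is spliced into the SQL text,
    so a quote character in it changes the structure of the statement."""
    sql = "SELECT id, name, owner FROM dataset WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_dataset_fixed(conn: sqlite3.Connection, name: str):
    """Hardened pattern: the parameter is bound by the driver and is only ever
    compared as data, whatever characters it contains."""
    return conn.execute(
        "SELECT id, name, owner FROM dataset WHERE name = ?", (name,)
    ).fetchall()


# A UNION-based payload: it closes the string literal, appends a second
# SELECT that pulls the 'secret' column through the 'name' column of the
# result set, and comments out the closing quote the application adds.
PAYLOAD = "x' UNION SELECT id, secret, owner FROM dataset --"


if __name__ == "__main__":
    db = make_db()
    # The vulnerable lookup returns every secret; the fixed one returns nothing
    # because no dataset is literally named like the payload string.
    print("vulnerable:", find_dataset_vulnerable(db, PAYLOAD))
    print("fixed:     ", find_dataset_fixed(db, PAYLOAD))
```

The fix is not input "sanitization" but keeping data and code apart: with a bound parameter the database never parses the value as SQL, so no allow-list of characters is needed and the same function still answers the legitimate query `find_dataset_fixed(db, "payroll")` correctly.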
Business impact
This vulnerability is rated critical with a CVSS base score of 9.8. The base score measures severity rather than likelihood of exploitation; a score this high is consistent with remote, unauthenticated, low-complexity exploitation that fully compromises confidentiality, integrity, and availability. Successful exploitation can lead to a significant data breach exposing sensitive corporate data, customer personally identifiable information (PII), or financial records. The attacker could manipulate or destroy critical data, causing severe operational disruption and financial loss, and a complete system compromise would carry significant reputational, legal, and regulatory risk for the organization.
Remediation
Immediate Action:
Organizations must first identify all assets that utilize the vulnerable rsbi-pom 4.7 component. Once identified, immediately apply the security updates provided by the respective product vendors to upgrade to the latest, non-vulnerable version. Concurrently, monitor for any signs of active exploitation by reviewing web server and application access logs for suspicious requests targeting the vulnerable path.
Proactive Monitoring:
- Analyze web server, firewall, and application logs for requests to the /bi/service/model/DatasetService path containing SQL keywords (e.g., UNION, SELECT, DROP, '--') or common injection patterns, decoding URL-encoded and double-encoded parameters before matching so that %27 or %2527 is inspected as a quote character.
- Implement alerting for failed database authentication attempts or unusual queries originating from the application's database user account, such as schema enumeration or reads of tables the application never normally touches.
- Monitor for anomalous outbound network traffic from the database server, which could indicate data exfiltration.
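The log-review step above, as an added example that is not part of the advisory or of any vendor-supplied rule set: a small detector that parses Combined Log Format access-log lines, percent-decodes the request target twice so double-encoded payloads are seen in their final form, restricts attention to the /bi/service/model/DatasetService path named in the advisory, and flags requests carrying SQL syntax. The signature list, the parameter names in the sample requests, and the log lines themselves are constructed for illustration and are assumptions, not observed attack traffic.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Endpoint named in the advisory.
TARGET_PATH = "/bi/service/model/DatasetService"

# Generic SQL-injection indicators chosen for this example (an assumption, not a
# vendor rule set). Tune against real traffic to control false positives.
SQLI_SIGNATURES = [
    ("union-select", re.compile(r"\bunion\b\s+(?:all\s+)?\bselect\b", re.I)),
    ("select-from", re.compile(r"\bselect\b.+\bfrom\b", re.I)),
    ("ddl", re.compile(r"\b(?:drop|alter|truncate)\s+table\b", re.I)),
    ("tautology", re.compile(r"'\s*(?:or|and)\s+['\d]", re.I)),
    ("comment", re.compile(r"--|/\*")),
    ("time-based", re.compile(r"\b(?:sleep|benchmark|pg_sleep|waitfor)\b", re.I)),
]

# Combined Log Format as written by Apache/nginx:
# client ident user [timestamp] "METHOD target PROTOCOL" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def decode_target(target: str) -> str:
    """Percent-decode twice so a double-encoded payload (%2527 -> %27 -> ')
    is inspected in the form the application will finally see."""
    return unquote_plus(unquote_plus(target))


def inspect_line(line: str):
    """Return an alert dict for a request to the vulnerable endpoint that
    carries SQL syntax, or None for any other line (unparseable lines included)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = decode_target(m.group("target"))
    if not urlsplit(target).path.startswith(TARGET_PATH):
        return None
    hits = [name for name, rx in SQLI_SIGNATURES if rx.search(target)]
    if not hits:
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "status": m.group("status"),
        "hits": hits,
        "target": target,
    }


def scan_log(text: str):
    """Run inspect_line over every line of an access log and keep the alerts."""
    return [a for a in (inspect_line(l) for l in text.splitlines()) if a]


# Constructed sample log: one benign request, one plain UNION injection, one
# double-encoded tautology, one hit on an unrelated path, one benign request
# whose parameter merely contains the substring "select".
SAMPLE_LOG = """\
203.0.113.10 - - [02/Oct/2025:10:15:01 +0000] "GET /bi/service/model/DatasetService?method=getDataset&id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [02/Oct/2025:10:15:07 +0000] "GET /bi/service/model/DatasetService?method=getDataset&id=12'%20UNION%20SELECT%20user,password,3%20FROM%20users-- HTTP/1.1" 200 2048 "-" "python-requests/2.31"
198.51.100.7 - - [02/Oct/2025:10:15:09 +0000] "GET /bi/service/model/DatasetService?method=getDataset&id=12%2527%2520OR%2520%25271%2527%253D%25271 HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [02/Oct/2025:10:16:00 +0000] "GET /bi/other?q=select HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.10 - - [02/Oct/2025:10:16:30 +0000] "GET /bi/service/model/DatasetService?method=listDatasets&fields=selected_columns HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ts"], alert["ip"], alert["status"], alert["hits"])
```

Two caveats when turning this into a production rule. Access logs record only the request line, so a payload sent in a POST body is invisible here and needs a WAF or application-level request logging; and a 200 response to a flagged request, as in the constructed sample, is the signal that the injection may have succeeded rather than been rejected, so prioritize those over 4xx/5xx hits.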
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
- Deploy a Web Application Firewall (WAF) with a strict ruleset designed to detect and block SQL injection attacks against the vulnerable endpoint.
- Restrict network access to the /bi/service/model/DatasetService path, allowing connections only from trusted IP addresses.
- Ensure the application's database user account adheres to the principle of least privilege: grant only the data-access rights (SELECT, INSERT, UPDATE, DELETE) the application needs on its own tables, and no DDL, file-system, or command-execution privileges, so that a successful injection cannot escalate beyond the application's data.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This is a critical vulnerability that requires immediate attention. Organizations must prioritize the identification of all systems using the vulnerable rsbi-pom 4.7 component and apply the updates provided by product vendors without delay. Although this vulnerability is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, an unauthenticated SQL injection in a network-facing endpoint is the kind of flaw that is typically weaponized quickly once details circulate, so its absence from KEV should not lower its priority. Until patches are applied, compensating controls such as WAF rules, network restriction of the endpoint, a least-privilege database account, and enhanced monitoring are strongly advised to reduce the immediate risk of compromise.