A critical SQL Injection vulnerability, identified as CVE-2025-7343, has been discovered in multiple products utilizing the SFT (Shop Floor Tracking) system developed by Digiwin. This flaw allows a remote, unauthenticated attacker to gain complete control over the application's database. Successful exploitation could lead to a severe data breach, unauthorized data modification, or complete data loss, posing a critical risk to business operations and data integrity.

The vulnerability exists because the application fails to properly sanitize user-supplied input before it is used in a SQL query. An unauthenticated remote attacker can send specially crafted input to an exposed application endpoint. This malicious input is then executed directly by the back-end database, allowing the attacker to inject and run arbitrary SQL commands. This enables the attacker to bypass authentication mechanisms and perform unauthorized actions, including reading sensitive data (e.g., SELECT), modifying records (e.g., UPDATE), and deleting database contents (e.g., DELETE, DROP TABLE).

This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation can have a catastrophic business impact. An attacker could exfiltrate an entire database, leading to a major data breach of sensitive corporate information, customer data, and intellectual property. The ability to modify and delete data could cripple business operations by corrupting financial records, disrupting supply chain and manufacturing processes, and causing significant service outages. The potential consequences include severe financial loss from remediation costs and regulatory fines, irreparable reputational damage, and a complete loss of customer trust.

Immediate Action: Immediately update all affected products incorporating the Digiwin SFT system to the latest patched version as recommended by the vendor. Prioritize patching for systems that are exposed to the internet. Concurrently, initiate enhanced monitoring for any signs of exploitation and thoroughly review historical access logs for indicators of compromise.

Proactive Monitoring: Implement robust monitoring of web server, application, and database logs. Look for suspicious requests containing SQL syntax and keywords (e.g., UNION, SELECT, ', --, #), unusually long or malformed input strings, and a spike in database error messages. Monitor network traffic for anomalous data flows from database servers to external destinations, which could indicate data exfiltration.

Compensating Controls: If immediate patching is not feasible, apply the following controls to mitigate risk:

• Web Application Firewall (WAF): Deploy a WAF with a strict ruleset designed to detect and block SQL injection attack patterns.
• Access Control: Restrict network access to the vulnerable application. If possible, remove it from direct internet exposure and require access via a VPN with multi-factor authentication.
• Least Privilege: Ensure the database account used by the application has the minimum permissions necessary for its function, restricting its ability to perform destructive actions like dropping tables.

Public Exploit Available: False (as of the date of this analysis)

Given the critical CVSS score of 9.8, this vulnerability represents an immediate and severe threat to the organization. The ability for an unauthenticated attacker to remotely compromise the database requires urgent attention. We strongly recommend that the vendor's patch be applied to all affected systems as the highest priority. Although there is no evidence of active exploitation at this time, the public disclosure of this vulnerability makes it a prime target. Organizations must act preemptively to apply the patch or, if unable, implement compensating controls like a WAF and network segmentation without delay to prevent a potentially devastating security incident.