CVE-2025-55703

2.5 LOW

📋 TL;DR

An error-based SQL injection vulnerability in the Sunbird Power IQ 9.2.0 API allows attackers to manipulate SQL queries through an outdated endpoint that performs insufficient input validation. This affects organizations using Power IQ 9.2.0 for data center infrastructure management. The vulnerability is fixed in version 9.2.1.

💻 Affected Systems

Products:
  • Sunbird Power IQ
Versions: 9.2.0
Operating Systems: All platforms running Power IQ
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific outdated API endpoint mentioned in the vulnerability description.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could execute arbitrary SQL commands, potentially leading to data theft, data manipulation, or complete database compromise.

🟠 Likely Case

Limited data extraction or manipulation due to API endpoint constraints and authentication requirements.

🟢 If Mitigated

Minimal impact with proper network segmentation and API access controls in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires knowledge of the vulnerable API endpoint and ability to craft SQL injection payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2.1

Vendor Advisory: https://www.sunbirddcim.com/

Restart Required: Yes

Instructions:

1. Download Power IQ 9.2.1 from the Sunbird website.
2. Back up the current configuration.
3. Install the update following vendor documentation.
4. Restart the Power IQ services.

🔧 Temporary Workarounds

API Endpoint Restriction

all

Block or restrict access to the vulnerable API endpoint using web application firewall or network controls.

Input Validation Enhancement

all

Implement additional input validation at the application layer for array parameters.
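The workaround above is the generic defence for this class of bug: an array parameter is checked element by element and then bound through placeholders, never concatenated into the query text. The following is an added example and is not Sunbird's code; the `device` table, the `names_*` function names and the size limit `MAX_IDS` are assumptions chosen for illustration, and the "unsafe" variant is shown only as the pattern to avoid.

```python
"""Validating an array parameter before it reaches SQL (added example,
not Sunbird's code; table layout and function names are assumptions)."""
import re
import sqlite3
from typing import Iterable, List

MAX_IDS = 100                      # assumed upper bound for one request
ID_PATTERN = re.compile(r"[1-9][0-9]{0,9}")   # positive integer, no leading zero


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE device (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO device VALUES (?, ?)",
                     [(1, "pdu-a"), (2, "pdu-b"), (3, "pdu-c")])
    return conn


def names_unsafe(conn: sqlite3.Connection, ids: Iterable[str]) -> List[str]:
    """Pattern to avoid: array elements are pasted straight into the query
    text, so any element that is not a bare integer alters the statement.
    Error-based injection works precisely because the database's own error
    text is then returned to the caller."""
    sql = "SELECT name FROM device WHERE id IN (%s) ORDER BY id" % ",".join(ids)
    return [row[0] for row in conn.execute(sql)]


def validate_ids(ids: Iterable[str]) -> List[int]:
    """Reject the array as a whole unless every element is a well-formed id.
    Raising before any SQL runs means malformed input never reaches the
    database, so there is no database error message to leak."""
    raw_items = list(ids)
    if not raw_items or len(raw_items) > MAX_IDS:
        raise ValueError("array parameter must contain 1..%d elements" % MAX_IDS)
    clean = []
    for item in raw_items:
        if not isinstance(item, str) or not ID_PATTERN.fullmatch(item):
            raise ValueError("array element is not a valid id")
        clean.append(int(item))
    return clean


def names_safe(conn: sqlite3.Connection, ids: Iterable[str]) -> List[str]:
    """Hardened form: validated integers bound through placeholders, with the
    placeholder list sized to the validated array."""
    clean = validate_ids(ids)
    placeholders = ",".join("?" * len(clean))
    sql = "SELECT name FROM device WHERE id IN (%s) ORDER BY id" % placeholders
    return [row[0] for row in conn.execute(sql, clean)]


if __name__ == "__main__":
    db = build_db()
    print(names_safe(db, ["1", "3"]))          # ['pdu-a', 'pdu-c']
    try:
        names_safe(db, ["1", "abc"])
    except ValueError as exc:
        print("rejected:", exc)                 # rejected before any SQL ran
```

The allow-list regex is deliberately narrow: it accepts only what the endpoint actually needs (positive integers), so the check does not have to enumerate SQL metacharacters. Binding the values separately from the statement text is what makes the query safe; the validation on top of it keeps bad input from producing a database error at all, which also removes the signal an error-based attack relies on.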

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Power IQ from untrusted networks.
  • Deploy web application firewall with SQL injection protection rules.

🔍 How to Verify

Check if Vulnerable:

Check the Power IQ version via the web interface or system logs. Version 9.2.0 is vulnerable.

Check Version:

Check the web interface admin panel or review application logs for version information.

Verify Fix Applied:

Confirm Power IQ version is 9.2.1 or later after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed API requests with SQL-like patterns

Network Indicators:

  • Unusual traffic patterns to Power IQ API endpoints
  • Requests containing SQL injection payloads

SIEM Query:

source="poweriq" AND ("sql" OR "syntax" OR "error") AND status=500
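The SIEM query and the log indicators above combine three signals: the Power IQ source, a server error status, and SQL-related wording in the message, with repeated hits from one client being the stronger indicator. The following is an added example of that logic run over constructed log lines; it is not Sunbird's code, and the `key=value` log layout, the `client` field and the `/api/example-endpoint` path are assumptions, since the page does not document the real Power IQ log format or the affected endpoint.

```python
"""Detection logic for the log indicators above (added example, not
Sunbird's code; the key=value log layout is an assumption)."""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample lines in the assumed format. The path is a placeholder,
# not the real vulnerable endpoint.
SAMPLE_LOGS = [
    'source=poweriq client=10.0.0.5 status=200 path=/api/v2/sensors msg="ok"',
    'source=poweriq client=10.0.0.9 status=500 path=/api/example-endpoint msg="PSQLException: syntax error at or near"',
    'source=poweriq client=10.0.0.9 status=500 path=/api/example-endpoint msg="SQL error: unterminated quoted string"',
    'source=poweriq client=10.0.0.9 status=500 path=/api/example-endpoint msg="ERROR: invalid input syntax for type integer"',
    'source=nginx client=10.0.0.9 status=500 path=/ msg="upstream sql error"',
    'source=poweriq client=10.0.0.5 status=500 path=/api/v2/sensors msg="internal timeout"',
]

# Same terms as the SIEM query: ("sql" OR "syntax" OR "error"), matched
# case-insensitively against the message text.
SQL_ERROR_TERMS = ("sql", "syntax", "error")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value line into a dict; quoted values may hold spaces."""
    return {key: quoted if quoted else bare
            for key, quoted, bare in FIELD_RE.findall(line)}


def matches_siem_query(record: Dict[str, str]) -> bool:
    """Equivalent of: source="poweriq" AND (sql OR syntax OR error) AND status=500."""
    if record.get("source") != "poweriq" or record.get("status") != "500":
        return False
    msg = record.get("msg", "").lower()
    return any(term in msg for term in SQL_ERROR_TERMS)


def find_hits(lines: List[str]) -> List[Dict[str, str]]:
    """Return every parsed record that satisfies the query."""
    return [rec for rec in map(parse_line, lines) if matches_siem_query(rec)]


def repeat_offenders(lines: List[str], threshold: int = 3) -> Dict[str, int]:
    """Clients with at least `threshold` matching records: the 'multiple failed
    API requests with SQL-like patterns' indicator, which separates a probing
    client from a single stray application error."""
    counts = Counter(rec.get("client", "?") for rec in find_hits(lines))
    return {client: n for client, n in counts.items() if n >= threshold}


def summarize(lines: List[str]) -> Tuple[int, Dict[str, int]]:
    """Convenience wrapper: (number of query hits, clients over threshold)."""
    return len(find_hits(lines)), repeat_offenders(lines)


if __name__ == "__main__":
    hits, offenders = summarize(SAMPLE_LOGS)
    print("SIEM query hits:", hits)            # 3
    print("clients over threshold:", offenders)  # {'10.0.0.9': 3}
```

A single HTTP 500 with a database error in it is weak evidence on its own, since ordinary bugs produce the same line; the per-client count is what turns the indicator into something worth alerting on, and the threshold should be tuned against the baseline rate of such errors in your own deployment.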
