CVE Catalog

CVE-2025-50341

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

35th percentile - higher than 35% of all known CVEs

Summary

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation.

Risk Assessment

The risk for the organization includes potential leakage of sensitive data and the possibility of escalating the attack to other system components.

Recommendation

It is recommended to immediately update Axelor to the latest version and to validate and sanitize the _domain parameter in SQL queries.

Original NVD description (English source)

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS