CVE-2025-50341
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk35th percentile - higher than 35% of all known CVEs
Summary
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation.
Risk Assessment
The risk for the organization includes potential leakage of sensitive data and the possibility of escalating the attack to other system components.
Recommendation
It is recommended to immediately update Axelor to the latest version and to validate and sanitize the _domain parameter in SQL queries.
Original NVD description (English source)
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation.

