CVE-2025-50341

CRITICAL

Axelor 5.2.4 - SQL Injection via _domain Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50341. PoCs published by millad7.

AI-analyzed exploit summary This repository provides a detailed technical writeup on CVE-2025-50341, a Boolean-based SQL injection vulnerability in Axelor v5.2.4. It explains the vulnerability, steps to reproduce, and mitigation strategies, but does not include functional exploit code.

Description

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation.

Exploits (1)

nomisec WRITEUP
by millad7 · poc
https://github.com/millad7/Axelor-vulnerability-CVE-2025-50341

This repository provides a detailed technical writeup on CVE-2025-50341, a Boolean-based SQL injection vulnerability in Axelor v5.2.4. It explains the vulnerability, steps to reproduce, and mitigation strategies, but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Axelor v5.2.4
Auth required
Prerequisites: Valid user account · Intercepting proxy to modify requests
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0045
EPSS Percentile 35.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Published Aug 04, 2025
Tracked Since Feb 18, 2026