CVE-2025-50341

CRITICAL

Axelor 5.2.4 - SQL Injection

Title source: llm

Description

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation.

Exploits (1)

nomisec WRITEUP
by millad7 · poc
https://github.com/millad7/Axelor-vulnerability-CVE-2025-50341

Scores

CVSS v3: 9.8
EPSS: 0.0008
EPSS Percentile: 24.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Published: Aug 04, 2025
Tracked Since: Feb 18, 2026