CVE-2025-50341

Critical CVSS 9.8

Overview

A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation.

CWE: CWE-89 Published: 2025-08-04T21:15:30.260

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: blind_sql, sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries and sensible timeouts; minimize error details.
Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags