External risk intelligence

Axelor SQL Injection Vulnerability Allows Data Exposure

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2025-50341

Axelor is an ERP and BPM platform typically deployed as a web application. Such platforms are commonly exposed to the internet to facilitate remote access for employees, partners, or customers, making the web interface and its associated parameters, such as the one identified in this vulnerability, frequently reachable from the public internet.

SQL Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A recently identified vulnerability in the Axelor platform allows attackers to manipulate database queries, potentially exposing sensitive information or enabling further system compromise. The issue stems from a flaw in how the system handles specific parameters, which could be exploited remotely without requiring any user interaction.

  • SQL injection flaw impacts Axelor software.
  • Critical flaw could expose business data.
  • Confirm relevance and exposure of Axelor systems.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending a crafted request to a web-facing Axelor application. The attacker would target the `_domain` parameter, which is susceptible to manipulation. By injecting malicious SQL code into this parameter, the attacker can alter the application's database queries, potentially leading to unauthorized access to sensitive information or further compromise of the system.

  • Publicly accessible web application.
  • Specially crafted `_domain` parameter.
  • Unauthorized data access or system compromise.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to manipulate SQL queries through the `_domain` parameter. When conditions are met, an attacker might be able to infer information about the underlying database structure or application logic, potentially leading to the exposure of sensitive data or further unauthorized actions.

  • SQL query logic and application data.
  • Manipulating the `_domain` parameter.
  • Unauthorized data access or system manipulation.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Axelor, an ERP and BPM platform, likely impacts teams responsible for application security and web application infrastructure. The initial priority is to locate all instances of the affected technology, determine their exposure and criticality, and identify the accountable system owner to plan a coordinated remediation strategy.

  • Application owners should own the issue.
  • Verify internet-facing instances first.
  • Plan remediation with vendor coordination.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Axelor software platform?

Axelor is an integrated Enterprise Resource Planning (ERP) and Business Process Management (BPM) suite. Organizations use this web-based platform to manage core business operations, such as human resources, inventory, and supply chain processes, typically through a centralized web interface.

How does CVE-2025-50341 work?

This is a Boolean-based SQL injection vulnerability, categorized as CWE-89. It means the application fails to properly sanitize input, allowing an attacker to inject SQL commands. By observing how the application responds to different true or false conditions in a database query, an attacker can extract sensitive information piece by piece.

What triggers this SQL injection flaw?

The vulnerability is triggered by sending a specially crafted request to the system that targets the '_domain' parameter. It does not require any interaction from a user or administrative privileges to initiate. Simply sending a standard request that lacks this specific malicious input will not trigger the bug.

Is my Axelor instance at risk?

According to Halo Surface Signal, Axelor platforms are frequently deployed as internet-facing web applications to allow remote access for users. If your instance is reachable from the public internet, it is at higher risk because the '_domain' parameter is directly accessible to remote, unauthenticated attackers.

What should I do to secure my system?

Begin by auditing your infrastructure to identify all deployed Axelor instances. Prioritize securing those that are reachable from the internet. Coordinate with your vendor to obtain the necessary updates and work with the system owners to implement a remediation plan that removes the vulnerability.

References