Security Advisory

CVE-2025-51506

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-19 00:00:00
Last updated 2025-08-19 20:00:09
Assigner mitre
State PUBLISHED

Description

In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint.