CVE-2025-51506

Published: Aug 19, 2025

Modified: Aug 19, 2025

PUBLISHED

Description

In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://hrforecast.com/

https://hrforecast.com/smartlibrary-job-architecture/

https://github.com/MVRC-ITSEC/CVEs/blob/main/CVE-2025-51506

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-51506

Description

Affected Products

References