Medium severity6.5NVD Advisory· Published Aug 19, 2025· Updated Jun 17, 2026
CVE-2025-51506
CVE-2025-51506
Description
In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- HRForecast Suite/HRForecast Suitedescription
- Range: =0.4.3
Patches
Vulnerability mechanics
References
3- github.com/MVRC-ITSEC/CVEs/blob/main/CVE-2025-51506nvdThird Party Advisory
- hrforecast.comnvdProduct
- hrforecast.com/smartlibrary-job-architecture/nvdProduct
News mentions
0No linked articles in our index yet.