CVE-2025-52043: n/a
Description
In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter.
AI Analysis
Technical Summary
CVE-2025-52043 is a SQL injection vulnerability in Frappe ERPNext v15.57.5. It lies in the import_coa() function in erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py, which takes the 'company' parameter and incorporates it into SQL queries without sufficient sanitization. An attacker can therefore inject SQL through this parameter and extract all information stored in the underlying databases. The vulnerability allows attackers to bypass authentication and access controls, potentially exposing sensitive financial and operational data managed by ERPNext. No exploits are known in the wild at the time of writing, but SQL injection is generally straightforward to exploit for an attacker with network access to the vulnerable endpoint. No CVSS score has been assigned yet, which indicates the vulnerability is newly published and has not undergone formal severity assessment. ERPNext is an open-source ERP system widely used for enterprise resource planning, accounting, and business management; installations running the specified version are affected. Because no patches or mitigations were available at the time of publication, organizations should prioritize compensating controls.
Potential Impact
For European organizations, the impact of this vulnerability can be significant due to the critical role ERPNext plays in managing financial data, accounting records, and business operations. Successful exploitation could lead to unauthorized disclosure of sensitive corporate data, including financial statements, customer information, and internal business processes. This could result in regulatory non-compliance, especially under GDPR, leading to legal penalties and reputational damage. Furthermore, attackers could leverage the extracted data for further attacks such as fraud, identity theft, or corporate espionage. The integrity of financial data could also be compromised, affecting decision-making and operational continuity. Given the interconnected nature of ERP systems, a breach could propagate risks to other integrated systems and third-party vendors. The absence of known exploits in the wild currently limits immediate widespread impact, but the potential for rapid exploitation remains high once exploit code becomes publicly available.
Mitigation Recommendations
European organizations using ERPNext v15.57.5 should immediately audit their systems to identify vulnerable instances. Since no official patches are available at the time of this report, organizations should implement the following specific mitigations:
1) Restrict network access to the ERPNext application, limiting it to trusted internal IP addresses and VPN users only.
2) Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the 'company' parameter in the import_coa() function.
3) Conduct manual code review and apply temporary input validation and parameterized queries in the affected function if possible, to sanitize inputs before database interaction.
4) Monitor application logs for unusual query patterns or error messages indicative of injection attempts.
5) Educate development and operations teams about the vulnerability to ensure rapid response once patches are released.
6) Plan and prioritize upgrading to a patched version of ERPNext as soon as it becomes available.
7) Implement database-level access controls and encryption to limit data exposure in case of exploitation.
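Mitigation 3 above (input validation and parameterized queries) as an added, constructed Python illustration, not ERPNext's import_coa() code: a lookup keyed on a 'company' parameter in the vulnerable string-formatting form, the parameterized form, and a hardened form that also checks the company exists before querying. It runs against an in-memory sqlite3 schema invented for the example; in Frappe the equivalent of binding is passing the value as a query parameter to frappe.db.sql instead of formatting it into the SQL string.

```python
import sqlite3

# Constructed in-memory stand-in for a company/account schema; not ERPNext's tables.
COMPANIES = [("ACME Ltd",), ("Beta GmbH",)]
ACCOUNTS = [
    ("Cash - ACME", "ACME Ltd"),
    ("Debtors - ACME", "ACME Ltd"),
    ("Cash - BETA", "Beta GmbH"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE company (name TEXT PRIMARY KEY)")
    conn.execute("CREATE TABLE account (name TEXT, company TEXT)")
    conn.executemany("INSERT INTO company VALUES (?)", COMPANIES)
    conn.executemany("INSERT INTO account VALUES (?, ?)", ACCOUNTS)
    return conn


def accounts_vulnerable(conn: sqlite3.Connection, company: str) -> list[str]:
    # The pattern the advisory describes: the request parameter is formatted into
    # the SQL text, so a quote inside `company` closes the literal and whatever
    # follows is parsed as SQL. Kept only to contrast with the fixed versions.
    query = f"SELECT name FROM account WHERE company = '{company}' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def accounts_parameterized(conn: sqlite3.Connection, company: str) -> list[str]:
    # Fix part 1: bind the value instead of splicing it. The driver sends the
    # string as data, so a quote in it can never change the query's structure.
    query = "SELECT name FROM account WHERE company = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (company,))]


def accounts_hardened(conn: sqlite3.Connection, company: str) -> list[str]:
    # Fix part 2: validate that the parameter names an existing company before
    # using it, so unexpected input is rejected early and can be logged.
    found = conn.execute("SELECT 1 FROM company WHERE name = ?", (company,)).fetchone()
    if found is None:
        raise ValueError(f"unknown company: {company!r}")
    return accounts_parameterized(conn, company)


if __name__ == "__main__":
    db = make_db()
    tainted = "' OR '1'='1"  # constructed input containing a quote
    print("vulnerable:", accounts_vulnerable(db, tainted))        # every account
    print("parameterized:", accounts_parameterized(db, tainted))  # []
    try:
        accounts_hardened(db, tainted)
    except ValueError as exc:
        print("hardened:", exc)
```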
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68dbe4577491dc7f348b7535
Added to database: 9/30/2025, 2:08:23 PM
Last enriched: 9/30/2025, 2:09:10 PM
Last updated: 10/2/2025, 8:55:51 AM
Related Threats
- CVE-2025-9587: CWE-89 SQL Injection in CTL Behance Importer Lite (Medium)
- CVE-2025-56019: n/a (High)
- CVE-2025-59409: n/a (High)
- CVE-2025-59407: n/a (High)
- CVE-2025-59406: n/a (High)