CVE-2025-52044: n/a
In Frappe ERPNext v15.57.5, the function get_stock_balance() at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventory_dimensions_dict parameter.
AI Analysis
Technical Summary
CVE-2025-52044 is a SQL injection vulnerability in the Frappe ERPNext platform, reported against version 15.57.5. It lies in the get_stock_balance() function in erpnext/stock/utils.py, which builds a database query from the inventory_dimensions_dict parameter without neutralizing SQL special characters, so an attacker who controls that parameter can alter the query and read data from the underlying database. The weakness is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). The CVSS v3.1 base score of 7.5 given here is this analysis's own estimate, since the CVE record reproduced below carries no CVSS version; it assumes a network attack vector, low attack complexity, no privileges required and no user interaction, with high confidentiality impact and no impact on integrity or availability. Whether the function is reachable without an authenticated session depends on how a deployment exposes its API methods, and operators should confirm that for their own instance rather than rely on the score's assumptions. No exploitation in the wild has been reported, and no official patch has yet been linked to the record. Because ERPNext manages core enterprise data, including inventory and stock, the flaw is a significant risk for organizations running the affected version.
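The CWE-89 pattern the summary describes, shown as an added example that is not ERPNext's code and not part of the original advisory: a stock-balance lookup that splices inventory_dimensions_dict straight into the SQL text, beside a hardened version that allowlists dimension names and binds values. The schema, table and column names (stock_ledger, api_secret, shelf, batch), the sample rows and the payload are all constructed for the example; the database is an in-memory sqlite3 instance.

```python
"""Constructed illustration of a CWE-89 stock-balance lookup (not ERPNext's code).
Table and column names are assumptions; the database is in-memory sqlite3."""
import sqlite3

# Assumed simplified schema: a stock ledger with two optional dimension columns,
# plus an unrelated table holding data an attacker would want to exfiltrate.
SCHEMA = """
CREATE TABLE stock_ledger (item_code TEXT, warehouse TEXT, actual_qty REAL,
                           shelf TEXT, batch TEXT);
CREATE TABLE api_secret (owner TEXT, secret TEXT);
"""
SAMPLE_ROWS = [  # constructed sample data
    ("WIDGET-1", "Main Store", 10.0, "A1", "B001"),
    ("WIDGET-1", "Main Store", 5.0, "A2", "B002"),
    ("WIDGET-2", "Main Store", 7.0, "A1", "B001"),
]
# Assumption: the inventory-dimension columns this site has configured.
ALLOWED_DIMENSIONS = {"shelf", "batch"}
BASE_SQL = "SELECT SUM(actual_qty) FROM stock_ledger WHERE item_code = ? AND warehouse = ?"


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO stock_ledger VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    con.execute("INSERT INTO api_secret VALUES ('Administrator', 's3cr3t-token')")
    return con


def get_stock_balance_vulnerable(con, item_code, warehouse, inventory_dimensions_dict=None):
    """CWE-89: dimension keys AND values are formatted straight into the query text.
    Returns every first-column value the query yields so an injected UNION is visible."""
    sql, params = BASE_SQL, [item_code, warehouse]
    for key, value in (inventory_dimensions_dict or {}).items():
        sql += f" AND {key} = '{value}'"   # caller controls both identifier and literal
    return [row[0] for row in con.execute(sql, params).fetchall()]


def get_stock_balance_hardened(con, item_code, warehouse, inventory_dimensions_dict=None) -> float:
    """Identifiers come only from an allowlist; values are always bound parameters."""
    sql, params = BASE_SQL, [item_code, warehouse]
    for key, value in (inventory_dimensions_dict or {}).items():
        if key not in ALLOWED_DIMENSIONS:
            raise ValueError(f"unknown inventory dimension: {key!r}")
        if not isinstance(value, (str, int, float)):
            raise ValueError(f"dimension {key!r} must be a scalar")
        sql += f" AND {key} = ?"          # column name is trusted, value is not
        params.append(value)
    total = con.execute(sql, params).fetchone()[0]   # NULL when nothing matched
    return float(total or 0.0)


# Constructed payload: closes the literal, appends a UNION that reads another table,
# and re-opens a quote so the trailing "'" the vulnerable code adds stays balanced.
PAYLOAD = {"shelf": "x' UNION SELECT secret FROM api_secret WHERE '1'='1"}


def demo():
    """Run the same payload through both versions and return (leaked_rows, safe_total)."""
    con = make_db()
    leaked = get_stock_balance_vulnerable(con, "WIDGET-1", "Main Store", PAYLOAD)
    safe = get_stock_balance_hardened(con, "WIDGET-1", "Main Store", PAYLOAD)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned:", leaked)   # contains the api_secret value
    print("hardened query returned:", safe)       # 0.0: no shelf has that name
```

The hardened version fixes both halves of the problem: the dimension name becomes an identifier, which cannot be bound as a parameter, so it is checked against a fixed allowlist; the value is passed to the driver as a parameter, so quotes in it never reach the SQL parser.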
Potential Impact
For European organizations using Frappe ERPNext, this vulnerability could lead to unauthorized disclosure of sensitive business data, including inventory levels, supplier information, and potentially customer data stored within the ERP system. Such data breaches can result in financial losses, reputational damage, and regulatory penalties under GDPR due to exposure of personal or business-critical information. Since ERPNext is often used by SMEs and larger enterprises for integrated business management, the compromise of stock and inventory data could disrupt supply chain operations and decision-making processes. Additionally, attackers could leverage extracted data for further targeted attacks or industrial espionage. The lack of required authentication and user interaction increases the risk of automated exploitation attempts, potentially affecting multiple organizations rapidly if a public exploit emerges.
Mitigation Recommendations
Organizations should audit their ERPNext installations to identify whether version 15.57.5, or any other version still carrying the unfixed get_stock_balance() code, is in use. Until an official patch is released, the following mitigations are recommended:
1) Fix the query construction itself where possible: restrict inventory_dimensions_dict keys to the dimension names the site actually defines and pass values as bound query parameters instead of formatting them into the SQL text. Sanitizing the parameter at the HTTP layer is only a weaker stopgap.
2) Deploy Web Application Firewall (WAF) rules that detect and block SQL injection patterns in requests to the vulnerable endpoint.
3) Restrict network access to the ERPNext application to trusted IP ranges and enforce strong authentication to reduce exposure.
4) Monitor database query logs and application or web-server logs for unusual queries or requests indicative of injection attempts.
5) Prepare for rapid deployment of the official fix once it is available, testing it in a staging environment before production rollout.
6) Run the ERPNext application against a least-privilege database account so that successful exploitation exposes as little data as possible.
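A detection pass for mitigation steps 2 and 4, added here as an example that is not part of the original advisory or of ERPNext: it scans web-server access logs for calls to the stock-balance endpoint whose inventory_dimensions_dict carries keys outside the site's dimension allowlist or SQL metacharacters in a key or value. The endpoint path (assumed to follow Frappe's /api/method/<dotted.path> convention), the allowed dimension names, and the log lines are all assumptions constructed for the example.

```python
"""Constructed log-scanning example (not part of the page or of ERPNext).
Endpoint path, allowed dimension names and log lines are assumptions."""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: whitelisted Frappe methods are served under /api/method/<dotted.path>.
ENDPOINT = "/api/method/erpnext.stock.utils.get_stock_balance"
ALLOWED_KEYS = {"shelf", "batch"}   # assumption: dimensions configured on this site
SQL_META = re.compile(r"""['";]|--|/\*|\b(?:union|select|sleep|benchmark)\b""", re.I)
# Combined-log-format style line; only the fields the scan needs are captured.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+'
)

# Constructed sample lines: benign call, value injection, key injection, unrelated endpoint.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Sep/2025:13:37:09 +0000] "GET /api/method/erpnext.stock.utils.get_stock_balance?item_code=WIDGET-1&warehouse=Main%20Store&inventory_dimensions_dict=%7B%22shelf%22%3A%22A1%22%7D HTTP/1.1" 200 38
198.51.100.7 - - [16/Sep/2025:13:38:41 +0000] "GET /api/method/erpnext.stock.utils.get_stock_balance?item_code=WIDGET-1&warehouse=Main%20Store&inventory_dimensions_dict=%7B%22shelf%22%3A%22x%27%20UNION%20SELECT%20secret%20FROM%20api_secret%20--%22%7D HTTP/1.1" 200 61
198.51.100.7 - - [16/Sep/2025:13:38:45 +0000] "GET /api/method/erpnext.stock.utils.get_stock_balance?item_code=WIDGET-1&warehouse=Main%20Store&inventory_dimensions_dict=%7B%22shelf%27%3B%20DROP%20TABLE%20x--%22%3A%22A1%22%7D HTTP/1.1" 500 120
203.0.113.10 - - [16/Sep/2025:13:39:02 +0000] "GET /api/method/frappe.auth.get_logged_user HTTP/1.1" 200 27
"""


def analyze_target(target: str):
    """Return None if the request is not for the endpoint, otherwise a list of
    findings (empty when the dimension dict looks benign)."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return None
    raw = parse_qs(parts.query).get("inventory_dimensions_dict", [None])[0]
    if raw is None:
        return []
    try:
        dims = json.loads(raw)
    except ValueError:
        return ["inventory_dimensions_dict is not valid JSON"]
    if not isinstance(dims, dict):
        return ["inventory_dimensions_dict is not a JSON object"]
    findings = []
    for key, value in dims.items():
        if key not in ALLOWED_KEYS:
            findings.append(f"unknown dimension key {key!r}")
        for what, text in (("key", key), ("value", value)):
            if isinstance(text, str) and SQL_META.search(text):
                findings.append(f"SQL metacharacters in {what} {text!r}")
    return findings


def scan_log(text: str):
    """Parse each line and keep only endpoint requests that produced findings."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        findings = analyze_target(m["target"])
        if findings:
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "status": m["status"], "findings": findings})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["status"], "; ".join(hit["findings"]))
```

The allowlist check is the more reliable signal: a dimension name that the site never configured has no legitimate reason to appear, whereas the metacharacter regex will need tuning for sites whose warehouse or batch names legitimately contain apostrophes. The same two checks translate directly into WAF rules for step 2.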
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68c96805849d7237d8ea7a48
Added to database: 9/16/2025, 1:37:09 PM
Last enriched: 9/24/2025, 1:15:32 AM
Last updated: 11/1/2025, 12:35:02 AM
Views: 63
Related Threats
- CVE-2025-62276: CWE-525: Use of Web Browser Cache Containing Sensitive Information in Liferay Portal (Medium)
- CVE-2025-12464: Stack-based Buffer Overflow in Red Hat Red Hat Enterprise Linux 10 (Medium)
- CVE-2025-63563: n/a (Unknown)
- CVE-2025-63561: n/a (High)
- CVE-2025-63562: n/a (Medium)