Back to search
CVE-2025-52896
Published: Jun 30, 2025
Modified: Jun 30, 2025
PUBLISHED
Description
Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds for this issue other than upgrading.
| Vendor | Product | Versions |
|---|---|---|
frappe | frappe | affected < 15.57.0affected < 14.94.2 |
Weaknesses (CWE)
References
https://github.com/frappe/frappe/security/advisories/GHSA-hv29-66qg-2v6p
x_refsource_CONFIRM
https://github.com/frappe/frappe/pull/31483
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now