CVE-2025-55731

Published: Aug 20, 2025

Modified: Aug 20, 2025

PUBLISHED

Description

Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.74.2 and 14.96.15.

Vendor	Product	Versions
frappe	frappe	affected `< 14.96.15` affected `>= 15.0.0, < 15.74.2`

Weaknesses (CWE)

CWE-89

References

https://github.com/frappe/frappe/security/advisories/GHSA-5p8f-568f-vfq2

x_refsource_CONFIRM

https://github.com/frappe/frappe/commit/93ee30c638bf7a7e33e2937a0adccac14c38b410

x_refsource_MISC

https://github.com/frappe/frappe/commit/c2b01e3eb6f50e9bd05df0440f5cbf5dfbc1badd

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-55731

Description

Affected Products

Weaknesses (CWE)

References