QwikSec

Security Database

CVE

CWE

Training

CVE-2025-59421

Published: Sep 18, 2025

Modified: Sep 19, 2025

PUBLISHED

Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending invites (duplicate). The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615.

Vendor	Product	Versions
frappe	press	affected `< 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615`

Weaknesses (CWE)

References

https://github.com/frappe/press/security/advisories/GHSA-68qm-vp8f-rpr3

x_refsource_CONFIRM

https://github.com/frappe/press/commit/83c3fc7676c5dbbe1fd5092d21d95a10c7b48615

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.