PT-2025-12810 · Frappe · Frappe

Yeuchimse

Publicado

2025-03-25

Atualizado

2025-08-01

CVE-2025-30214

CVSS v4.0

8.0

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 14.89.0 Frappe versions prior to 15.51.0

Description The issue allows for information disclosure through crafted requests, potentially leading to account takeover.

Recommendations For versions prior to 14.89.0, update to version 14.89.0 or later. For versions prior to 15.51.0, update to version 15.51.0 or later. At the moment, there is no information about other workarounds that can fix this issue without upgrading.

Exploit

Correção

Information Disclosure

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-287

Identificadores relacionados

CVE-2025-30214

GHSA-QRV3-JC3H-F3M6

Produtos afetados

Frappe

PT-2025-12810 · Frappe · Frappe

CVE-2025-30214

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12