PT-2025-12810 · Frappe · Frappe

Yeuchimse

Published

2025-03-25

Updated

2025-08-01

CVE-2025-30214

CVSS v4.0

8.0

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 14.89.0 Frappe versions prior to 15.51.0

Description The issue allows for information disclosure through crafted requests, potentially leading to account takeover.

Recommendations For versions prior to 14.89.0, update to version 14.89.0 or later. For versions prior to 15.51.0, update to version 15.51.0 or later. At the moment, there is no information about other workarounds that can fix this issue without upgrading.

Exploit

Fix

Information Disclosure

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-287

Related Identifiers

CVE-2025-30214

GHSA-QRV3-JC3H-F3M6

Affected Products

Frappe

PT-2025-12810 · Frappe · Frappe

CVE-2025-30214

Weakness Enumeration

Related Identifiers

Affected Products

References · 12