PT-2025-32424 · Frappe · Frappe Learning

Pateljannat · Published 2025-08-09 · Updated 2025-10-05 · CVE-2025-55006

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Frappe Learning versions 2.33.0 and below

Description

Frappe Learning is a learning system designed to help users structure content. The image upload functionality did not properly sanitize uploaded SVG files, allowing users to upload files containing embedded JavaScript or other potentially malicious content. These malicious SVG files could be used to execute arbitrary scripts in the context of other users.

Recommendations

Update to version 2.34.0 or later to address this issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-55006
GHSA-MVXW-R9X4-3VRR

Affected Products

Frappe Learning