PT-2025-34075 · Frappe · Frappe
Karen · Published 2025-08-20 · Updated 2025-09-15
CVE-2025-55732
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Frappe versions prior to 15.74.2
Frappe versions prior to 14.96.15
Description:
Frappe is a full-stack web application framework. Prior to versions 15.74.2 and 14.96.15, an attacker could perform SQL injection through specially crafted requests, potentially gaining unauthorized access to sensitive information. This issue bypasses a previously released patch.
Recommendations:
Update to Frappe version 15.74.2 or later.
Update to Frappe version 14.96.15 or later.
Exploit
Fix
SQL injection
Affected Products
Frappe