PT-2025-38410 · Frappe · Press
Breadgenie · Published 2025-09-18 · Updated 2025-09-18 · CVE-2025-59421
CVSS v4.0: 2.7 (Low)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Press versions prior to commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615
Description
Press, a Frappe custom app used for managing infrastructure, subscriptions, marketplace operations, and software-as-a-service (SaaS), is susceptible to a flaw that allows a malicious actor to flood a user's inbox with repeated, duplicate invitations.
Recommendations
Update to commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615 to resolve the issue.
Weakness Enumeration
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Press