PT-2025-40790 · Frappe · Frappe Lms
0Xhamy
·
Published
2025-10-05
·
Updated
2025-10-05
·
CVE-2025-11280
CVSS v3.1
3.7
Low
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Frappe LMS version 2.35.0
Description
A flaw exists in Frappe LMS 2.35.0 within the Assignment Picture Handler component, specifically related to the
/files/ file. This issue allows for a remote direct request manipulation, with a high complexity and difficult exploitability. The exploit has been published.Recommendations
Upgrade the affected component.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Frappe Lms