CVE-2025-11281

CVSS v3.1

5.0

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Frappe LMS version 2.35.0

Description A flaw exists in Frappe LMS that allows for improper access controls. The issue is related to an unknown function within the /courses/ file of the Unpublished Course Handler component. The attack can be initiated remotely and is considered difficult to exploit. The exploit has been publicly disclosed.

Recommendations Upgrade the affected component.

Exploit

Fix

Improper Access Control

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-266

Related Identifiers

CVE-2025-11281

Affected Products

Frappe Lms

CVE-2025-11281

Weakness Enumeration

Related Identifiers

Affected Products

References · 11