PT-2025-49978 · Frappe · Frappe Helpdesk

Cristian Vargas

Published

2025-12-05

Updated

2026-01-06

CVE-2025-10655

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Frappe HelpDesk version 1.14.0

Description A SQL injection issue exists in Frappe HelpDesk within the get dashboard data function of the dashboard component. This is due to the unsafe combination of user-supplied data directly into SQL queries. The vulnerability allows for potential unauthorized access or modification of data.

Recommendations Apply updates to address the SQL injection issue in the get dashboard data function.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2026-07541

CVE-2025-10655

Affected Products

Frappe Helpdesk

PT-2025-49978 · Frappe · Frappe Helpdesk

CVE-2025-10655

Weakness Enumeration

Related Identifiers

Affected Products

References · 7