PT-2026-1347 · Frappé Technologies · Frappe
Published: 2026-01-05 · Updated: 2026-01-06
CVE-2025-68953
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Frappe versions 14.99.5 and below and 15.0.0 through 15.80.1
Description
Frappe, a full-stack web application framework, contains a path traversal issue in certain requests. Insufficient input sanitization allows the potential retrieval of arbitrary files from the server. The issue affects versions 14.99.5 and below, and versions 15.0.0 through 15.80.1.
Recommendations
Update to Frappe version 14.99.6 or later.
Update to Frappe version 15.88.1 or later.
As a workaround, configure a reverse proxy.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Frappe