Information Disclosure Vulnerability in Frappe Framework by Frappe Technologies
CVE-2025-30214

8HIGH

Key Information:

Vendor: Frappe
Status: Frappe
Vendor: CVE Published:; 25 March 2025

What is CVE-2025-30214?

The Frappe Framework is susceptible to an information disclosure vulnerability that arises from the processing of specially crafted requests. If exploited, this vulnerability could potentially allow an attacker to gain unauthorized access to sensitive information, leading to a complete account takeover. The issue has been resolved in versions 14.89.0 and 15.51.0 of the Frappe Framework, and users are urged to upgrade their installations to protect against potential exploits.

Affected Version(s)

frappe < 14.89.0 < 14.89.0

frappe >= 15.0.0, < 15.51.0 < 15.0.0, 15.51.0

References

https://github.com/frappe/frappe/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Mar 18, 2025

JSON