Two-Factor Authentication Bypass in Frappe Cloud Custom App
CVE-2025-53545

6.9MEDIUM

Key Information:

Vendor: Frappe
Status: Press
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-53545?

The Press app by Frappe, used for managing infrastructure and subscription services on Frappe Cloud, contains a vulnerability that allows an attacker to bypass Two-Factor Authentication (2FA). This security flaw arises from insufficient server-side validation, compromising account security. Users are encouraged to update to the patched version to mitigate risks. The fix has been implemented in a recent commit to ensure robust user authentication.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

press < ddb439f8eb1816010f2ef653a908648b71f9bba8

References

https://github.com/frappe/press/security/advisories/GHSA-...

x_refsource_CONFIRM

https://github.com/frappe/press/commit/ddb439f8eb1816010f...

x_refsource_MISC

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jul 2, 2025

JSON

Frappe

What is CVE-2025-53545?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.