Code Execution Vulnerability in Frappe Learning by Frappe
CVE-2025-59415
4.6 MEDIUM
What is CVE-2025-59415?
Frappe Learning versions 2.34.1 and earlier do not sufficiently sanitize content uploaded in the profile bio section. This allows attackers to upload specially crafted SVG files, potentially enabling the execution of arbitrary scripts in the context of other users' sessions. The flaw underscores the importance of thorough input validation and sanitization practices to prevent unauthorized code execution and protect user data.
Affected Version(s)
lms <= 2.34.1