Email Flooding Vulnerability in Frappe Press Application by Frappe
CVE-2025-59421

2.7LOW

Key Information:

Vendor: Frappe
Status: Press
Vendor: CVE Published:; 18 September 2025

What is CVE-2025-59421?

The Frappe Press application, utilized within the Frappe Cloud ecosystem to manage various services including infrastructure and subscriptions, is exposed to an email flooding vulnerability. This flaw allows malicious actors to inundate a user's inbox with repeated invite requests, potentially overwhelming the user's email system. This issue has been resolved in a recent software update, which addresses the core concerns of inbox management and user experience.

Affected Version(s)

press < 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615

References

https://github.com/frappe/press/security/advisories/GHSA-...

x_refsource_CONFIRM

https://github.com/frappe/press/commit/83c3fc7676c5dbbe1f...

x_refsource_MISC

CVSS V4

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2025
Vulnerability Reserved
Sep 15, 2025