Open Redirect Vulnerability in Frappe Framework
CVE-2025-62407
6.1 MEDIUM
What is CVE-2025-62407?
Frappe, a full-stack web application framework, contains an open redirect vulnerability in the redirect argument on the login page. The issue is triggered when a certain type of URL is supplied in the redirect argument, which can send users to malicious websites without their knowledge. The vulnerability is fixed in versions 14.98.0 and 15.83.0.
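As an added illustration (not Frappe's code and not the project's patch), the following Python sketch shows one way a login handler can validate a redirect argument before using it. The function name, the default target and the allow-listed hostname are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list for this example: the site's own hostnames.
ALLOWED_HOSTS = {"erp.example.com"}


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return `value` if it stays on this site, otherwise `default`."""
    if not value:
        return default
    cleaned = value.strip()
    # Browsers drop tab/CR/LF inside URLs, so an embedded control character
    # can turn a harmless-looking path into a different target. Reject them.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in cleaned):
        return default
    # Browsers treat "\" like "/", so normalise before parsing.
    cleaned = cleaned.replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only http(s) to an allowed host.
        if parts.scheme in ("http", "https") and host in allowed_hosts:
            return cleaned
        return default
    # Relative target: must be a path rooted at a single "/".
    if not cleaned.startswith("/") or cleaned.startswith("//"):
        return default
    return cleaned


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["/app/home", "//other.example/x", "/\\other.example",
                   "https://erp.example.com/app",
                   "https://erp.example.com@other.example/"]:
        print(repr(sample), "->", safe_redirect_target(sample))
```

The check compares the parsed hostname, not a string prefix, so a value that merely begins with the site's name does not pass.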
Affected Version(s)
frappe >= 15.0.0, < 15.83.0
frappe < 14.98.0
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
