Vulnerable Learning Management System from Frappe Exposes Quiz Data
CVE-2025-62778

1.3LOW

Key Information:

Vendor: Frappe
Status: Lms
Vendor: CVE Published:; 27 October 2025

What is CVE-2025-62778?

A flaw in Frappe Learning allows unauthorized students to access quizzes by directly using the URL. This vulnerability can lead to exposure of quiz content, giving students access to potentially sensitive academic material without proper authentication. Users of Frappe Learning version 2.39.1 and earlier should ensure they update to the patched version to safeguard against unauthorized data access.

Affected Version(s)

lms <= 2.39.1

References

https://github.com/frappe/lms/security/advisories/GHSA-8x...

x_refsource_CONFIRM

https://github.com/frappe/lms/commit/8749e21744547ae32f72...

x_refsource_MISC

CVSS V4

Score:

1.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Oct 22, 2025

JSON