Access Control Flaw in Frappe Learning by Frappe
CVE-2025-64705

1.3 LOW

Key Information:

Vendor: Frappe

Status
Vendor
CVE Published: 12 November 2025

What is CVE-2025-64705?

Frappe Learning, a platform designed to facilitate user content organization, was found to have an access control vulnerability affecting versions from 2.0.0 up to, but not including, 2.41.0. This flaw allowed unauthorized users to view submissions made by other students, potentially compromising the privacy of user data. The issue has been addressed in version 2.41.0, which implements improved role management and prevents direct URL access to sensitive submission data.

Affected Version(s)

lms >= 2.0.0, < 2.41.0

References

CVSS V4

Score: 1.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
