Caching Issue in Frappe Learning Affects Role Revocation
CVE-2025-64707
1.2 LOW
What is CVE-2025-64707?
Frappe Learning, a comprehensive learning management system, has a vulnerability in which changes to user roles are not reflected immediately because of caching. Specifically, when an administrator revokes a user's role in versions 2.0.0 up to, but not including, 2.41.0, the revocation takes effect only after a delay, potentially allowing unauthorized access. Version 2.41.0 fixes the issue by clearing the cache promptly after role updates.
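The stale-cache behaviour described above, and the effect of clearing the cache on a role update, as a toy model. This is an added example, not Frappe Learning's code; the class names, the `invalidate_on_update` switch, and the sample user and role are assumptions made for illustration.

```python
# Added illustration: a toy model of a role cache, not Frappe Learning's code.
class RoleStore:
    """Authoritative role assignments (stands in for the database)."""
    def __init__(self):
        self._roles = {}

    def get(self, user):
        return set(self._roles.get(user, ()))

    def set(self, user, roles):
        self._roles[user] = set(roles)


class CachedAuthorizer:
    """Answers role checks through a per-user cache in front of the store."""
    def __init__(self, store, invalidate_on_update):
        self.store = store
        self.invalidate_on_update = invalidate_on_update  # hypothetical switch
        self._cache = {}

    def roles_for(self, user):
        if user not in self._cache:            # cache miss: read the store
            self._cache[user] = self.store.get(user)
        return self._cache[user]

    def has_role(self, user, role):
        return role in self.roles_for(user)

    def update_roles(self, user, roles):
        self.store.set(user, roles)
        if self.invalidate_on_update:          # the fix: drop the stale entry
            self._cache.pop(user, None)


def revoke_and_check(invalidate_on_update):
    """Grant a role, warm the cache, revoke it, return the access decision."""
    user, role = "alice@example.com", "Moderator"   # constructed sample values
    authz = CachedAuthorizer(RoleStore(), invalidate_on_update)
    authz.update_roles(user, {role})
    authz.has_role(user, role)                 # first check warms the cache
    authz.update_roles(user, set())            # administrator revokes the role
    return authz.has_role(user, role)


if __name__ == "__main__":
    print("without invalidation, access after revoke:", revoke_and_check(False))
    print("with invalidation, access after revoke:", revoke_and_check(True))
```

A regression test for this class of bug asserts that an authorization check made immediately after a revocation is denied, with the cache already warm.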
Affected Version(s)
lms >= 2.0.0, < 2.41.0
