CVE-2025-30214 HIGH

CVE-2025-30214: Frappe vulnerable to information disclosure leading to account takeover

Vendor Frappe
Product frappe
Weakness CWE-200 · Info exposure
Published March 25, 2025
Last update March 25, 2025

CVSS base score

8.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01 Description

Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading.

Key dates

02 Disclosure timeline

March 25, 2025 CVE published
March 25, 2025 Record updated