CVE-2025-55732 HIGH

CVE-2025-55732: Frappe has the possibility of SQL Injection due to improper validations

Vendor Frappe

Product frappe

Weakness CWE-89 · SQLi

Published August 20, 2025

Last update August 20, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-52895. This vulnerability is fixed in 15.74.2 and 14.96.15.

Key dates

02Disclosure timeline

August 20, 2025 CVE published

August 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-55732

Related vulnerabilities

Identifiers

CVE CVE-2025-55732

CWE CWE-89

CVSS 8.7 / HIGH

Affected versions

Vendor Frappe

Product frappe

Affected >= 15.0.0, < 15.74.2

Vendor Frappe

Product frappe

Affected < 14.96.15

CVE-2025-55732: Frappe has the possibility of SQL Injection due to improper validations

01Description

02Disclosure timeline

03References

04Related CVE