CVE-2025-59415 MEDIUM

CVE-2025-59415: Frappe Learning vulnerable to Malicious Content upload via Profile bio field

Vendor: Frappe
Product: lms
Weakness: CWE-79 · XSS
Published: September 17, 2025
Last update: September 18, 2025

CVSS base score

4.6/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, Frappe Learning did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute arbitrary scripts in the context of other users.

Key dates

02 Disclosure timeline

September 17, 2025: CVE published
September 18, 2025: Record updated