CVE-2025-30214

HIGH

Frappe <14.89.0-15.51.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0040
EPSS Percentile 32.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-200 CWE-287
Status published
Products (2)
frappe/frappe < 14.89.0
pypi/frappe 0 - 14.89.0PyPI
Published Mar 25, 2025
Tracked Since Feb 18, 2026