CVE-2025-52895

| EUVD-2025-19587 HIGH
2025-06-30 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 16, 2026 - 01:25 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 01:25 euvd
EUVD-2025-19587
Patch Released
Mar 16, 2026 - 01:25 nvd
Patch available
CVE Published
Jun 30, 2025 - 17:15 nvd
HIGH 7.5

Tags

SQLi Frappe

Description

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. This issue has been patched in versions 14.94.3 and 15.58.0. There are no workarounds for this issue other than upgrading.

Analysis

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. This issue has been patched in versions 14.94.3 and 15.58.0. There are no workarounds for this issue other than upgrading.

Technical Context

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

Affected Products

Affected products: Frappe Frappe

Remediation

A vendor patch is available — apply it immediately. Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

CVE-2025-52895 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy