- Description
- Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-200
- Hype score
- Not currently trending
⚠️ Vulnerability Alert: Triple Threat in Frappe Framework 📅 Timeline: Disclosure: 2025-03-25, Patch: 2025-03-25 🆔cveId: CVE-2025-30212; CVE-2025-30213; CVE-2025-30214 📊baseScore: 8.0 📏cvssMetrics:
@syedaquib77
27 Mar 2025
🚨 CVE-2025-30214 🔴 HIGH (8) 🏢 frappe - frappe 🏗️ < 14.89.0 🔗 https://t.co/2nOengq8Dk #CyberCron #VulnAlert #InfoSec https://t.co/WsGfkww93j
@cybercronai
26 Mar 2025
🚨 CVE-2025-30214 🔴 HIGH (8) 🏢 frappe - frappe 🏗️ < 14.89.0 🔗 https://t.co/2nOengq8Dk #CyberCron #VulnAlert #InfoSec https://t.co/XAdChaA0om
@cybercronai
25 Mar 2025
CVE-2025-30214 Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could furth… https://t.co/bqJcwFSsOX
@CVEnew
25 Mar 2025