CVE-2025-52898 in Frappeinfo

Zusammenfassung

von MITRE • 30.06.2025

Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users are safe. This issue has been patched in versions 14.94.3 and 15.58.0. Workarounds for this issue involve verifying password reset URLs before clicking on them or upgrading for self hosted users.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

20.06.2025

Veröffentlichung

30.06.2025

Moderieren

akzeptiert

Eintrag

VDB-314447

CPE

bereit

CWE

CWE-200 (bestätigt)

CVSS

5.3 (VulDB)

EPSS

0.00379

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-52898
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-52898
CVE Details	https://www.cvedetails.com/cve/CVE-2025-52898/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!