CVE-2025-68929

Published 29/12/2025 15:16 · Modified 29/12/2025 15:57

Labels: CVE-2025-68929, 2025-12-29, CWE-1336, [email protected]

Essential information

Published: 29/12/2025 15:16
Modified: 29/12/2025 15:57
Author
Creator
CVSS: 9.0 CRITICAL (v3.1)
CISA KEV: No
CWE: CWE-1336
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Description

Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a specially crafted link. This could lead to a malicious template being executed on the server, resulting in remote code execution. Versions 14.99.6 and 15.88.1 fix the issue. No known workarounds are available.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
frappe / frappe | cpe:2.3:a:frappe:frappe:14.99.6:*:*:*:*:*:*:*
frappe / frappe | cpe:2.3:a:frappe:frappe:15.88.1:*:*:*:*:*:*:*

References