CVE-2025-30213
Published: 25 March 2025
Summary
CVE-2025-30213 is a high-severity Improper Input Validation (CWE-20) vulnerability in Frappe Frappe. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely patching of the specific RCE flaw in Frappe versions prior to 14.9.1 and 15.52.0, as no workaround exists and upgrade is mandated.
Directly addresses the CWE-20 improper input validation that allows authenticated system users to create specially crafted documents leading to RCE.
Verifies software and information integrity to prevent or detect unauthorized code execution resulting from the exploited input validation vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remote code execution vulnerability in a web application framework exploitable by an authenticated low-privilege user over the network, directly enabling exploitation of public-facing applications (T1190) and exploitation for privilege escalation (T1068) to achieve full system control.
NVD Description
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch…
more
for the vulnerability. There's no workaround; an upgrade is required.
Deeper analysisAI
CVE-2025-30213 is a remote code execution vulnerability in Frappe, a full-stack web application framework. In versions prior to 14.9.1 and 15.52.0, a system user could create certain documents in a specific way that leads to arbitrary code execution on the server. The vulnerability is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-20 (Improper Input Validation), though additional CWE details are unavailable from NVD. It was published on 2025-03-25.
An authenticated system user with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants high-impact remote code execution, allowing full control over confidentiality, integrity, and availability of the affected system.
The GitHub security advisory (GHSA-v342-4xr9-x3q3) confirms that versions 14.9.1 and 15.52.0 contain patches for the vulnerability. There is no workaround available, and upgrading to a patched version is required for mitigation.
Details
- CWE(s)