CVE-2025-30213
Published: 25 March 2025
Summary
CVE-2025-30213 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Frappe Frappe. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Frappe is a full-stack web application framework that was vulnerable prior to versions 14.91.0 and 15.52.0. The flaw, tracked as CVE-2025-30213, stems from improper input validation (CWE-20) that permits a system user to create certain documents in a manner that results in remote code execution on the server.
An authenticated attacker with low privileges can reach the affected component over the network and leverage the issue to execute arbitrary code, yielding full control over confidentiality, integrity, and availability of the application without user interaction.
The referenced GitHub Security Advisory states there is no workaround and explicitly requires an upgrade to the patched releases 14.91.0 or 15.52.0.
EPSS for the CVE rose from a low baseline to a peak of 0.0265 on 2026-05-03 before receding to the current value of 0.0083, indicating a measurable increase in exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8081
Vulnerability details
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch…
more
for the vulnerability. There's no workaround; an upgrade is required.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remote code execution vulnerability in a web application framework exploitable by an authenticated low-privilege user over the network, directly enabling exploitation of public-facing applications (T1190) and exploitation for privilege escalation (T1068) to achieve full system control.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely patching of the specific RCE flaw in Frappe versions prior to 14.9.1 and 15.52.0, as no workaround exists and upgrade is mandated.
Directly addresses the CWE-20 improper input validation that allows authenticated system users to create specially crafted documents leading to RCE.
Verifies software and information integrity to prevent or detect unauthorized code execution resulting from the exploited input validation vulnerability.