Cyber Posture

CVE-2025-30214

Severity: High
Published: 25 March 2025
Modified: 01 August 2025
KEV Added: not listed (see Summary)
Patch: fixed in versions 14.89.0 and 15.51.0
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0019 (40.6th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-30214 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Frappe (vendor: Frappe). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 40.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique (Valid Accounts, T1078). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent: Requires timely identification, reporting, and correction of the specific information disclosure flaw in Frappe, fixed by upgrading to versions 14.89.0 or 15.51.0.
- prevent (SI-10, Information Input Validation): Validates information inputs to reject crafted requests that exploit the vulnerability and expose sensitive information.
- prevent (SI-15, Information Output Filtering): Filters system outputs to prevent the disclosure of sensitive information resulting from crafted requests.

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1078 Valid Accounts (Stealth): Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Why these techniques?

The vulnerability is a remote unauthenticated information disclosure in a public-facing web framework, directly enabling exploitation via T1190 Exploit Public-Facing Application. The sensitive data leakage can facilitate account takeover, mapping to T1078 Valid Accounts.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading.

Deeper analysis

CVE-2025-30214 is an information disclosure vulnerability in Frappe, a full-stack web application framework. In versions prior to 14.89.0 and 15.51.0, attackers can send crafted requests to expose sensitive information, potentially enabling account takeover. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-287 (Improper Authentication).

Remote, unauthenticated attackers with network access can exploit the vulnerability with low attack complexity and no user interaction. Exploitation yields high confidentiality impact through data leakage, which can chain into account takeover by leveraging the disclosed information.

The official Frappe security advisory (GHSA-qrv3-jc3h-f3m6) at https://github.com/frappe/frappe/security/advisories/GHSA-qrv3-jc3h-f3m6 confirms that upgrading to version 14.89.0 or 15.51.0 resolves the issue, with no workaround available short of applying these patches.

Details

CWE(s): CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-287 (Improper Authentication)

Affected Products

frappe (vendor) / frappe (product): ≤ 14.89.0 · 15.0.0 — 15.51.0

CVEs Like This One

- CVE-2025-30212 (same product: Frappe Frappe)
- CVE-2026-39351 (same product: Frappe Frappe)
- CVE-2026-35614 (same product: Frappe Frappe)
- CVE-2025-30213 (same product: Frappe Frappe)
- CVE-2025-68929 (same product: Frappe Frappe)
- CVE-2026-31877 (same product: Frappe Frappe)
- CVE-2026-28436 (same product: Frappe Frappe)
- CVE-2025-30217 (same product: Frappe Frappe)
- CVE-2026-29077 (same product: Frappe Frappe)
- CVE-2025-68953 (same product: Frappe Frappe)

References

- Frappe security advisory GHSA-qrv3-jc3h-f3m6: https://github.com/frappe/frappe/security/advisories/GHSA-qrv3-jc3h-f3m6