CVE-2025-30217
Published: 26 March 2025
Summary
CVE-2025-30217 is a high-severity SQL Injection (CWE-89) vulnerability in Frappe Frappe. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection in Frappe Framework by requiring validation of all user inputs before they are used in database queries.
Ensures timely remediation of the specific SQL injection flaw in Frappe versions prior to 14.93.2 and 15.55.0 by applying available patches.
Mitigates remote unauthenticated SQL injection attacks on Frappe web applications through boundary protection mechanisms like web application firewalls that filter malicious inputs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public-facing Frappe web framework directly enables T1190 for remote unauthenticated exploitation; facilitates T1213.006 by allowing arbitrary queries to extract data from the application's database.
NVD Description
Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch…
more
for the issue. No known workarounds are available.
Deeper analysisAI
CVE-2025-30217 is a SQL injection vulnerability (CWE-89) in the Frappe Framework, a full-stack web application framework. It affects versions prior to 14.93.2 and 15.55.0, where improper input handling allows malicious SQL queries to be executed. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high-impact confidentiality violations without affecting integrity or availability.
An unauthenticated attacker with network access can exploit this vulnerability remotely with low attack complexity and no user interaction required. Exploitation enables the attacker to extract sensitive information from the underlying database, potentially exposing user data, credentials, or other confidential records hosted by Frappe-based applications.
The Frappe security advisory (GHSA-6phg-4wmq-h5h3) confirms that versions 14.93.2 and 15.55.0 include patches addressing the issue. No known workarounds are available, so administrators should upgrade affected instances promptly.
Details
- CWE(s)