CVE-2025-52895
Published: 30 June 2025
Summary
CVE-2025-52895 is a high-severity SQL Injection (CWE-89) vulnerability in the Frappe framework. Its CVSS base score is 8.7 (High).
Operationally, it is ranked at the 39.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-19587
Vulnerability details
Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow a malicious person to gain access to sensitive information. This issue has been patched in versions 14.94.3 and 15.58.0. There are no workarounds for this issue other than upgrading.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.