CVE-2025-55006
Published: 09 August 2025
Summary
CVE-2025-55006 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Frappe Learning. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Security testing and developer training directly verify and enforce proper input validation, reducing the exploitability of injection and malformed-data weaknesses.
- Security testing and evaluation at multiple SDLC stages directly detect missing or flawed input validation, and the required remediation process ensures that fixes are applied.
- Input validation controls directly implement checks on information inputs to reject invalid data before it is processed.
- Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability sits in the image upload of a public-facing LMS, which enables direct exploitation of the application (T1190) and the delivery and execution of JavaScript payloads embedded in unsanitized SVGs (T1059.007, T1027.017).
NVD Description
Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. A fix for this issue is planned for version 2.34.0.
Deeper analysis
CVE-2025-55006 is an improper input validation vulnerability (CWE-20) in Frappe Learning, a learning management system for structuring content. It affects versions 2.33.0 and below, specifically in the image upload functionality, which fails to adequately sanitize uploaded SVG files. This allows attackers to upload SVGs containing embedded JavaScript or other malicious content.
The vulnerability has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L). Exploitation requires an authenticated attacker with high privileges (PR:H) to upload a malicious SVG via the image upload feature, and a victim who then views or interacts with the uploaded image (UI:R). At that point the embedded scripts execute in the victim's browser context, yielding arbitrary script execution, i.e. stored cross-site scripting (XSS).
The GitHub security advisory (GHSA-mvxw-r9x4-3vrr) documents the issue. Mitigation involves upgrading to version 2.34.0, where a fix is planned.
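The weakness described above is that an image upload accepted SVG content without checking it for script-bearing constructs. The following validator is an added example written for this page; it is not Frappe Learning's code and does not reflect how the 2.34.0 fix is implemented. It assumes an upload handler can pass it the raw file bytes and act on an allow/reject decision; the function names and the sample SVGs below are constructed for illustration. The check goes slightly beyond the advisory's `<script>` case by also rejecting event-handler attributes, script-scheme URLs and document type declarations, which are the other common ways an SVG can run code or misbehave in a parser.

```python
"""Structural SVG upload validator (added example, not the project's own code).

Parses the SVG with the standard library and rejects it if it contains any
element or attribute that can execute script in a viewer's browser.
"""
import re
import xml.etree.ElementTree as ET
from typing import List

# Elements that embed script or foreign HTML content (local names, lower-case).
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

# Attributes that take URLs; <animate>/<set> can retarget href via from/to/values.
URL_ATTRIBUTES = {"href", "from", "to", "values"}

# Schemes that execute code when followed. Leading whitespace/control characters
# are skipped because browsers ignore them. data: is allowed only for images.
DANGEROUS_URL = re.compile(
    r"^[\s\x00-\x1f]*(javascript:|vbscript:|data:(?!image/))", re.IGNORECASE
)


def _local(name: str) -> str:
    """Strip an ElementTree namespace prefix of the form {uri}local."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> List[str]:
    """Return the reasons an SVG upload should be rejected; empty means clean."""
    # Refuse DTDs outright: entity declarations are the usual vector for
    # entity-expansion tricks, and an uploaded image never needs one.
    head = data[:4096].lower()
    if b"<!doctype" in head or b"<!entity" in head:
        return ["document type declaration present"]

    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings: List[str] = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")

    for el in root.iter():
        tag = _local(el.tag)
        if tag in FORBIDDEN_ELEMENTS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                # onload, onclick, onbegin, ...: every on* attribute is a handler.
                findings.append(f"event handler attribute {name} on <{tag}>")
            elif name in URL_ATTRIBUTES and DANGEROUS_URL.match(value):
                findings.append(f"dangerous URL in {name} on <{tag}>: {value[:40]!r}")
    return findings


def is_safe_svg(data: bytes) -> bool:
    """Allow/reject decision an upload handler can act on."""
    return not svg_findings(data)


# Constructed samples (not from the advisory).
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              b'<circle cx="5" cy="5" r="4" fill="#c00"/></svg>')
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* constructed */</script></svg>'
HANDLER_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1" onload="h()"/></svg>'
LINK_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href=" JavaScript:h()"><text>x</text></a></svg>')
DTD_SVG = (b'<?xml version="1.0"?><!DOCTYPE svg [<!ENTITY e "x">]>'
           b'<svg xmlns="http://www.w3.org/2000/svg"/>')

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_SVG), ("script", SCRIPT_SVG),
                        ("handler", HANDLER_SVG), ("link", LINK_SVG), ("dtd", DTD_SVG)]:
        print(f"{label:8s} -> {svg_findings(blob) or 'clean'}")
```

Reject-on-finding is deliberate: rewriting a hostile SVG into a clean one (true sanitization) is harder to get right than refusing it, and an upload endpoint that only needs ordinary images loses nothing by refusing. The validator does not inspect `<style>` contents or external `url()` references, so serving uploads with a restrictive Content-Security-Policy, or as `Content-Disposition: attachment`, remains a useful second layer.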
Details
- CWE(s)