Cyber Posture

CVE-2025-68953

High

Published: 05 January 2026

Modified: 09 January 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0008 (22.6th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-68953 is a high-severity Path Traversal (CWE-22) vulnerability in Frappe Frappe. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked at the 22.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 1 other technique.

Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
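The control above is the generic CWE-22 mitigation: canonicalise the requested path and confirm it still lies inside the directory the endpoint is meant to serve from. The example below is added here and is not Frappe's own code or its fix for this CVE; it shows one way to implement such a check in Python (the language Frappe is written in). The base directory, the `serve_file` helper and the sample files are constructed for the demonstration. It compares resolved paths with `Path.relative_to`, which avoids the classic string-prefix mistake where `/srv/app/files` is accepted as a prefix of `/srv/app/files2`, and it rejects absolute requests, the bare base directory and embedded NUL bytes.

```python
"""Containment check for user-supplied file paths (CWE-22 mitigation, added example)."""
from pathlib import Path
from typing import Dict, Optional
import tempfile


def resolve_contained(base_dir: str, requested: str) -> Optional[Path]:
    """Return the canonical path if `requested` stays inside `base_dir`, else None.

    `requested` is assumed to have been URL-decoded exactly once by the web
    framework. resolve() collapses '..' segments and follows symlinks, so the
    comparison is made on canonical paths rather than on the raw string.
    """
    if "\x00" in requested:
        # An embedded NUL can truncate the path in C-level file APIs.
        return None
    base = Path(base_dir).resolve()
    # Path joining discards `base` when `requested` is absolute, so an absolute
    # request lands outside `base` and is rejected by the relative_to check.
    candidate = (base / requested).resolve()
    if candidate == base:
        # The directory itself is not a servable file.
        return None
    try:
        candidate.relative_to(base)  # raises ValueError when outside base
    except ValueError:
        return None
    return candidate


def is_contained(base_dir: str, requested: str) -> bool:
    """Boolean form of the check, convenient for tests and request filters."""
    return resolve_contained(base_dir, requested) is not None


def serve_file(base_dir: str, requested: str) -> Optional[bytes]:
    """Read a file only when the containment check passes; None means reject."""
    target = resolve_contained(base_dir, requested)
    if target is None or not target.is_file():
        return None
    return target.read_bytes()


def demo() -> Dict[str, bool]:
    """Exercise the check against a constructed directory tree in a temp dir.

    Layout (constructed):
        <tmp>/files/reports/q1.txt     public, servable
        <tmp>/site_config.json         outside the served directory
    """
    with tempfile.TemporaryDirectory() as tmp:
        files = Path(tmp) / "files"
        (files / "reports").mkdir(parents=True)
        (files / "reports" / "q1.txt").write_text("public report")
        (Path(tmp) / "site_config.json").write_text('{"db_password": "constructed"}')
        requests = [
            "reports/q1.txt",            # normal request, served
            "reports/../reports/q1.txt",  # '..' that stays inside, served
            "../site_config.json",        # escapes the base directory, rejected
            "missing.txt",                # inside base but not a file, rejected
        ]
        return {r: serve_file(str(files), r) is not None for r in requests}


if __name__ == "__main__":
    for request, served in demo().items():
        print(f"{request!r:32} -> {'served' if served else 'rejected'}")
```

Because both sides of the comparison are resolved, a symlink inside the served directory that points outside it is also rejected; if the deployment relies on such links, whitelist them explicitly rather than weakening the check.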

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1005 Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1083 File and Directory Discovery (tactic: Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

Why these techniques?

Path traversal enables direct arbitrary file reads (T1005) and supports file and directory discovery (T1083) on the local system without authentication.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in versions 14.99.6 and 15.88.1. To workaround, changing the setup to use a reverse proxy is recommended.

Deeper analysis (AI-generated)

CVE-2025-68953 is a path traversal vulnerability (CWE-22) affecting the Frappe full-stack web application framework. Versions 14.99.5 and below, as well as 15.0.0 through 15.80.1, contain requests lacking proper sanitization, enabling attackers to retrieve arbitrary files from the server. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting high confidentiality impact with no requirements for authentication or user interaction.

Remote attackers without privileges can exploit this issue over the network with low complexity by crafting malicious requests that traverse directory paths. Successful exploitation allows reading sensitive arbitrary files on the server, potentially exposing configuration data, source code, or other critical information, though it does not enable modification or execution of code.

The vulnerability is fixed in Frappe versions 14.99.6 and 15.88.1, as detailed in GitHub commits 3867fb112c3f7be1a863e40f19e9235719f784fb and 959efd6a498cfaeaf7d4e0ab6cca78c36192d34d, and the security advisory GHSA-xj39-3g4p-f46v. As a workaround, administrators are advised to configure a reverse proxy in front of the application.

Details

CWE(s): CWE-22 (Path Traversal)

Affected Products
Vendor: frappe · Product: frappe
Versions: ≤ 14.99.6 · 15.0.0 — 15.88.1

CVEs Like This One

CVE-2025-30212 (same product: Frappe Frappe)
CVE-2026-39351 (same product: Frappe Frappe)
CVE-2026-35614 (same product: Frappe Frappe)
CVE-2025-30213 (same product: Frappe Frappe)
CVE-2025-68929 (same product: Frappe Frappe)
CVE-2026-31877 (same product: Frappe Frappe)
CVE-2025-30214 (same product: Frappe Frappe)
CVE-2026-28436 (same product: Frappe Frappe)
CVE-2026-29077 (same product: Frappe Frappe)
CVE-2025-30217 (same product: Frappe Frappe)

References