High severity8.8NVD Advisory· Published Dec 9, 2025· Updated Apr 14, 2026
CVE-2025-10655
CVE-2025-10655
Description
SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- fluidattacks.com/advisories/dyangonvdExploitThird Party Advisory
- github.com/frappe/helpdesk/pull/2795nvdExploitIssue Tracking
News mentions
0No linked articles in our index yet.