Unrated severityNVD Advisory· Published Nov 26, 2025· Updated Dec 3, 2025
Frappe CRM 1.53.1 — Multiple SQL Injections in Dashboard Controller
CVE-2025-11461
Description
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/frappe/crm/pull/1339mitrepatch
- fluidattacks.com/advisories/ozmitrethird-party-advisory
News mentions
0No linked articles in our index yet.