High severityNVD Advisory· Published Mar 25, 2025· Updated Mar 25, 2025

Frappe vulnerable to information disclosure leading to account takeover

CVE-2025-30214

Description

Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
frappePyPI	< 14.89.0	14.89.0
frappePyPI	>= 15.0.0, < 15.51.0	15.51.0

Affected products

ghsa-coords
pkg:pypi/frappe
Range: < 14.89.0
Frappe/Frappev5
Range: < 14.89.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-qrv3-jc3h-f3m6ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-30214ghsaADVISORY
github.com/frappe/frappe/security/advisories/GHSA-qrv3-jc3h-f3m6ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000