VYPR
Moderate severity · NVD Advisory · Published Mar 26, 2025 · Updated Mar 31, 2025

Frappe has possibility of SQL injection due to improper validations

CVE-2025-30217

Description

Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch for the issue. No known workarounds are available.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
frappe (PyPI) | < 14.93.2 | 14.93.2
frappe (PyPI) | >= 15.0.0, < 15.55.0 | 15.55.0
