Unrated severityNVD Advisory· Published Oct 1, 2025· Updated Oct 1, 2025

CVE-2025-52039

Description

In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter.

Affected products

Frappe/ERPNextdescription
Frappe/Erpnextllm-fuzzy
Range: = 15.57.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/blob/main/2025/Frappe%20Framework%20-%20Multiple%20SQL%20Injection.mdmitre
github.com/frappe/erpnext/pull/49192/commits/de919568b4f7a86c8d418c0c3fd88e1f3101696cmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000