Unrated severityNVD Advisory· Published Sep 15, 2025· Updated Sep 15, 2025

CVE-2025-52048

Description

In Frappe 15.x.x before 15.72.0 and 14.x.x before 14.96.10, in the function add_tag() at frappe/desk/doctype/tag/tag.py is vulnerable to SQL Injection, which allows an attacker to extract information from databases by injecting a SQL query into the dt parameter.

Affected products

Frappe/Frappedescription
Frappe/Frappellm-fuzzy
Range: 14.x.x < 14.96.10, 15.x.x < 15.72.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/blob/main/2025/Frappe%20Framework%20-%20Multiple%20SQL%20Injection.mdmitre
github.com/frappe/frappe/security/advisories/GHSA-mggw-6xqj-rphjmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000