Medium severityOSV Advisory· Published Jul 8, 2025· Updated Apr 15, 2026

CVE-2025-53545

Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit ddb439f8eb1816010f2ef653a908648b71f9bba8.

Affected products

Frappe/PressOSV

Patches

ddb439f8eb18

https://github.com/frappe/pressvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/frappe/press/commit/ddb439f8eb1816010f2ef653a908648b71f9bba8nvd
github.com/frappe/press/security/advisories/GHSA-fwfh-vhjg-45q4nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000