Unrated severityNVD Advisory· Published Sep 17, 2025· Updated Sep 18, 2025

Frappe Learning vulnerable to Malicious Content upload via Profile bio field

CVE-2025-59415

Description

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute arbitrary scripts in the context of other users.

Affected products

Frappe/Lmsv5
Range: <= 2.34.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/frappe/lms/commit/ed162e254690772365d4d1365f176b59bc4db72dmitrex_refsource_MISC
github.com/frappe/lms/security/advisories/GHSA-h7gh-3vq5-96jxmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000