VYPR
Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Oct 16, 2025

Frappe has an Open Redirect on Login Page

CVE-2025-62407

Description

Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0, an open redirect was possible through the redirect argument on the login page, if a specific type of URL was passed in. This vulnerability is fixed in 14.98.0 and 15.83.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Frappe/Frappellm-fuzzy2 versions
    <14.98.0, <15.83.0+ 1 more
    • (no CPE)range: <14.98.0, <15.83.0
    • (no CPE)range: >= 15.0.0, < 15.83.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.