Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Oct 16, 2025

Frappe has an Open Redirect on Login Page

CVE-2025-62407

Description

Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0, an open redirect was possible through the redirect argument on the login page, if a specific type of URL was passed in. This vulnerability is fixed in 14.98.0 and 15.83.0.

Affected products

Frappe/Frappev5
Range: >= 15.0.0, < 15.83.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/frappe/frappe/security/advisories/GHSA-j9jr-qrpj-g855mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000