Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Nov 13, 2025

Frappe user was able to access the submission of other students

CVE-2025-64705

Description

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students The issue has been fixed in version 2.41.0 by ensuring proper roles and redirecting if accessed via direct URL.

Affected products

Frappe/Lmsv5
Range: >= 2.0.0, < 2.41.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/frappe/lms/security/advisories/GHSA-qrvv-6g7r-g3v8mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000