CNNVD-202507-1018 Information
CNNVD ID
CNNVD-202507-1018
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
Frappe Technologies Frappe是印度Frappe Technologies公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。 Frappe Technologies Frappe存在授权问题漏洞,该漏洞源于缺少服务器端验证,可能导致绕过双因素认证。
Description (English)
Frappe Technologys Frappe is a Web development framework based on Python, Mariadb and integrated front-end pages of Frappe Technologys India. There is a mandate gap in Frappe Technologies Frappe, which results from a lack of server-end authentication, which may lead to double-factor authentication.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
Frappe Technologies
Published
2025-07-08
Last Modified
2026-02-24
References
https://github.com/frappe/press/security/advisories/GHSA-fwfh-vhjg-45q4 https://github.com/frappe/press/commit/ddb439f8eb1816010f2ef653a908648b71f9bba8 https://access.redhat.com/security/cve/cve-2025-53545
Patch
https://github.com/frappe/press/commit/ddb439f8eb1816010f2ef653a908648b71f9bba8
Share on: