CNNVD-202510-3456 Information

CNNVD ID

CNNVD-202510-3456

Related CVE

CVE-2025-62778

• CNNVD Published: 2025-10-27

Description (Chinese)

Frappe Learning是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning 2.39.1及之前版本存在安全漏洞，该漏洞源于学生可通过URL访问Quiz Form，可能导致未授权访问。

Description (English)

Frappe Learning is an easy-to-use open-source learning management system for Frappe open sources. There is a security loophole in Frappe Learning 2.39.1 and earlier versions, which stems from students ’ access to Quiz Form through URLs, which may lead to unauthorized access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Frappe

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/frappe/lms/security/advisories/GHSA-8xvv-6v89-xxgx https://github.com/frappe/lms/commit/8749e21744547ae32f729bde05c854113e126750 https://access.redhat.com/security/cve/cve-2025-62778

Patch

https://github.com/frappe/lms/releases