CNNVD-202512-3963 Information

CNNVD ID

CNNVD-202512-3963

Related CVE

CVE-2025-67289

• CNNVD Published: 2025-12-22

Description (Chinese)

Frappe Framework是印度Frappe公司的一款基于Python和JavaScript的元数据驱动的全栈Web应用程序框架。 Frappe Framework v15.89.0的Attachments模块存在安全漏洞，该漏洞源于上传特制XML文件可能导致执行任意代码。

Description (English)

Frappe Framework is a fully-fledged Web application framework based on metadata driven by Python and JavaScript by the Indian company Frappe. The Attachments module of Frappe Framework v15.89.0 has a security gap, which stems from the possibility that uploading a special XML file may result in the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

FreeImage

Published

2025-12-22

Last Modified

2026-02-24

References

http://erpnext.com http://frappe.com https://github.com/vuquyen03/CVE/blob/main/CVE-2025-67289/README.md https://access.redhat.com/security/cve/cve-2025-67289