CNNVD-202512-4972 Information
CNNVD ID
CNNVD-202512-4972
Related CVE
- CNNVD Published: 2025-12-29
Description (Chinese)
Frappe Technologies Frappe是印度Frappe Technologies公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。 Frappe Technologies Frappe 14.99.6之前版本和15.88.1之前版本存在安全漏洞,该漏洞源于特制链接可诱骗用户访问,可能导致远程代码执行。
Description (English)
Frappe Technologys Frappe is a Web development framework based on Python, Mariadb and integrated front-end pages of Frappe Technologys India. There is a security loophole in previous versions of Frappe Technologies 14.99.6 and 15.88.1, which stems from the fact that specially designed links can induce users to access and may result in remote code execution.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
Frappe Technologies
Published
2025-12-29
Last Modified
2026-02-24
References
https://github.com/frappe/frappe/security/advisories/GHSA-qq98-vfv9-xmxh https://github.com/frappe/frappe/releases/tag/v15.88.1 https://github.com/frappe/frappe/releases/tag/v14.99.6 https://access.redhat.com/security/cve/cve-2025-68929
Patch
https://github.com/frappe/frappe/releases
Share on: