CNNVD-202512-630 Information

CNNVD ID

CNNVD-202512-630

Related CVE

CVE-2025-66581

• CNNVD Published: 2025-12-05

Description (Chinese)

Frappe Learning Management System是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning Management System 2.41.0之前版本存在安全漏洞，该漏洞源于服务器端授权逻辑缺陷，可能导致低权限用户执行高权限操作。

Description (English)

Frappe Learning Management System is an easy-to-use open-source learning management system for Frappe open sources. There was a security loophole in previous versions of FrappeLearning Management System 2.41.0, which stemmed from the logical defect of the server-end authorization, which could lead to low-permit users performing high-permit operations.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Frappe

Published

2025-12-05

Last Modified

2026-02-24

References

https://github.com/frappe/lms/security/advisories/GHSA-2ch7-c74m-432m https://access.redhat.com/security/cve/cve-2025-66581

Patch

https://github.com/frappe/lms/releases