Security Advisory

CVE-2025-56380

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-02 00:00:00
Last updated 2025-10-02 18:06:15
Assigner mitre
State PUBLISHED

Description

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter