Security Advisory

CVE-2025-66205

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-01 20:26:14

Last updated 2025-12-01 21:19:52

Assigner GitHub_M

State PUBLISHED

Description

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2.

← Browse all CVEs View on cve.org ↗