Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2025-30212

Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to access sensitive information. Versions 14.89.0 and 15.51.0 fix the issue. Upgrading is required; no other workaround is present.

Published: Mar 25, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-30212
GHSA: GHSA-3hj6-r5c9-q8f3
Severity: Medium
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
frappe	-	14.89.0
frappe	15.0.0	15.51.0
frappe / frappe	-	14.89.0
frappe / frappe	15.0.0	15.51.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo