CVE-2025-10655

Published December 9th, 2025

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0.

frappe/helpdesk

Modern, Streamlined, Free and Open Source Customer Service Software

GitHub

3.18K