CVE-2025-11461

Published November 26th, 2025

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.

frappe/crm

Fully featured, open source CRM

GitHub

2.8K