CVE-2025-56380

Published October 2nd, 2025

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter

MoAlali/CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint.

GitHub