CVE-2025-62407

Published October 16th, 2025

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0, an open redirect was possible through the redirect argument on the login page, if a specific type of URL was passed in. This vulnerability is fixed in 14.98.0 and 15.83.0.

frappe/frappe

Low code web framework for real world applications, in Python and Javascript

GitHub

10.3K