CVE-2025-67289

Published December 22nd, 2025

View on NVD ↗

CVSS v3

9.6

CRITICAL

CVSS v2

N/A

Affected

1

PROJECT

Description

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.

GitHub