MoAlali/CVE-2025-56380

Releases0

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-56380 ↗	Oct 2, 2025Thursday, 2 October 2025, 14:15	6.5 MEDIUM	—
Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter