← Zuruck zu CVEs
CVE-2025-64707
MEDIUM5.4
Beschreibung
Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is cleared after roles are updated.
CVE Details
CVSS v3.1 Bewertung5.4
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht11/12/2025
Zuletzt geandert11/17/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
frappe:learning
Schwachen (CWE)
CWE-863
Referenzen
https://github.com/frappe/lms/security/advisories/GHSA-w2gf-rchw-x6vm(security-advisories@github.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.