← Voltar para CVEs
CVE-2025-68953
HIGH7.5
Descricao
Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in versions 14.99.6 and 15.88.1. To workaround, changing the setup to use a reverse proxy is recommended.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/5/2026
Ultima modificacao1/9/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
frappe:frappe
Fraquezas (CWE)
CWE-22
Referencias
https://github.com/frappe/frappe/commit/3867fb112c3f7be1a863e40f19e9235719f784fb(security-advisories@github.com)
https://github.com/frappe/frappe/commit/959efd6a498cfaeaf7d4e0ab6cca78c36192d34d(security-advisories@github.com)
https://github.com/frappe/frappe/security/advisories/GHSA-xj39-3g4p-f46v(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.