Home

Description

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter

PUBLISHED Reserved 2025-08-16 | Published 2025-10-02 | Updated 2025-10-02 | Assigner mitre

References

github.com/MoAlali

github.com/MoAlali/CVE-2025-56380

cve.org (CVE-2025-56380)

nvd.nist.gov (CVE-2025-56380)

Download JSON