CVE-2025-30212

7.5 HIGH

📋 TL;DR

An SQL injection vulnerability in Frappe Framework allows attackers to execute arbitrary SQL commands through crafted inputs. This could lead to unauthorized access to sensitive database information. All Frappe Framework deployments prior to versions 14.89.0 and 15.51.0 are affected.

💻 Affected Systems

Products:
  • Frappe Framework
Versions: All versions prior to 14.89.0 and 15.51.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Frappe-based applications using vulnerable framework versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data exfiltration, data manipulation, and potential privilege escalation to execute arbitrary code on the database server.

🟠

Likely Case

Unauthorized access to sensitive application data such as user credentials, personal information, financial records, or business data stored in the database.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of Frappe's query structure and database schema. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.89.0 or 15.51.0

Vendor Advisory: https://github.com/frappe/frappe/security/advisories/GHSA-3hj6-r5c9-q8f3

Restart Required: No

Instructions:

1. Identify the current Frappe Framework version.
2. Upgrade to version 14.89.0 (for the v14 branch) or 15.51.0 (for the v15 branch).
3. Test application functionality after the upgrade.
4. Monitor for any issues.

🔧 Temporary Workarounds

No workaround available


The vendor states no workaround exists. Upgrading is the only solution.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all user inputs
  • Apply database-level controls: restrict application database user permissions, enable query logging, and implement network segmentation

🔍 How to Verify

Check if Vulnerable:

Check the Frappe Framework version with the bench version command, or inspect the frappe/__init__.py file for the version number.

Check Version:

bench version

Verify Fix Applied:

Confirm version is 14.89.0 or higher (for v14) or 15.51.0 or higher (for v15)
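The version check above can be scripted so that it is branch-aware (a 14.x install is only fixed at 14.89.0 or later, a 15.x install only at 15.51.0 or later). The following is an added example written for this page, not code from the Frappe project. It assumes that bench version prints one "<app> <major>.<minor>.<patch>" line per app and that frappe/__init__.py carries a __version__ assignment; the fixed versions are the ones stated in the advisory, and all sample outputs are constructed.

```python
"""Branch-aware version check for CVE-2025-30212 (added example, not Frappe code)."""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases per branch, as stated in the advisory.
FIXED = {14: (14, 89, 0), 15: (15, 51, 0)}

# Assumed 'bench version' line format: "frappe 15.50.1"
_BENCH_RE = re.compile(r"^frappe\s+(\d+)\.(\d+)\.(\d+)", re.MULTILINE)
# Assumed frappe/__init__.py format: __version__ = "15.50.1"
_INIT_RE = re.compile(r"__version__\s*=\s*['\"](\d+)\.(\d+)\.(\d+)")


def _to_version(match: Optional["re.Match"]) -> Optional[Version]:
    if match is None:
        return None
    major, minor, patch = (int(x) for x in match.groups())
    return (major, minor, patch)


def parse_bench_version(output: str) -> Optional[Version]:
    """Extract the frappe version from captured 'bench version' output."""
    return _to_version(_BENCH_RE.search(output))


def parse_init_py(source: str) -> Optional[Version]:
    """Extract the version from the contents of frappe/__init__.py."""
    return _to_version(_INIT_RE.search(source))


def status(version: Version) -> str:
    """Classify a version against the advisory's fixed releases.

    Anything older than 14.89.0 (including the 13.x line) is 'prior to' the
    fixed versions and is reported vulnerable; branches newer than 15 are not
    named by the advisory, so they are reported as not covered.
    """
    major = version[0]
    if major < 14:
        return "vulnerable"
    if major in FIXED:
        return "patched" if version >= FIXED[major] else "vulnerable"
    return "not covered by advisory"


def check_installed(init_py_path: str = "apps/frappe/frappe/__init__.py") -> str:
    """Try 'bench version' first, then fall back to reading frappe/__init__.py.

    The default path is an assumed bench layout; adjust it for your install.
    """
    version = None
    try:
        out = subprocess.run(["bench", "version"], capture_output=True,
                             text=True, check=False).stdout
        version = parse_bench_version(out)
    except OSError:
        pass  # bench not on PATH; fall through to the file-based check
    if version is None:
        try:
            with open(init_py_path, encoding="utf-8") as fh:
                version = parse_init_py(fh.read())
        except OSError:
            return "unknown (could not determine version)"
    if version is None:
        return "unknown (could not determine version)"
    return f"{'.'.join(map(str, version))}: {status(version)}"


if __name__ == "__main__":
    print(check_installed())
```

Run it from the bench directory; a result of "vulnerable" means the upgrade step in the instructions above is still outstanding, and "not covered by advisory" means the installed branch is newer than the two the vendor named, so the advisory alone does not settle its status.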

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts with SQL-like payloads
  • Unexpected database errors in application logs

Network Indicators:

  • Unusual database connection patterns
  • Large data transfers from database server

SIEM Query:

source="frappe_logs" AND (message="*SQL*" OR message="*database*error*")

🔗 References
