CVE-2025-30214

7.5 HIGH

📋 TL;DR

This vulnerability in Frappe framework allows attackers to make crafted requests that disclose sensitive information, potentially leading to account takeover. It affects all Frappe installations running versions before 14.89.0 or 15.51.0. The information disclosure could expose authentication tokens or session data.

💻 Affected Systems

Products:
  • Frappe Framework
Versions: All versions before 14.89.0 (for v14) and before 15.51.0 (for v15)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Frappe-based applications are affected if using vulnerable framework versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete account takeover leading to unauthorized access, data theft, privilege escalation, and potential lateral movement within the system.

🟠 Likely Case: Information disclosure exposing session tokens or user data that could be used for limited account compromise.

🟢 If Mitigated: Minimal impact with proper network segmentation, strong authentication controls, and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires crafting specific requests; no public exploit available at advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.89.0 or 15.51.0

Vendor Advisory: https://github.com/frappe/frappe/security/advisories/GHSA-qrv3-jc3h-f3m6

Restart Required: No

Instructions:

1. Identify your Frappe version.
2. Upgrade to 14.89.0 if on the v14 branch.
3. Upgrade to 15.51.0 if on the v15 branch.
4. Test application functionality after the upgrade.

🔧 Temporary Workarounds

No workaround available. The advisory states there is no workaround without upgrading.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to trusted sources only.
  • Enhance monitoring for unusual request patterns and information disclosure attempts.

🔍 How to Verify

Check if Vulnerable:

Check the installed Frappe version with the bench version command, or inspect frappe/__init__.py for the version number.

Check Version:

bench version

Verify Fix Applied:

Confirm version is 14.89.0 or higher (v14) or 15.51.0 or higher (v15) after upgrade.
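To turn the check above into something repeatable across many installs, here is an added example (not part of the advisory or of Frappe itself) that parses bench version output and classifies the frappe line against the fixed releases named on this page. It assumes bench version prints one "app version" pair per line; the sample output is constructed.

```python
"""Added example: classify an installed Frappe version against this advisory
(fixed in 14.89.0 for v14 and 15.51.0 for v15). Not the advisory's own tooling."""
import re

# Fixed releases named in the advisory, keyed by major branch.
FIXED = {14: (14, 89, 0), 15: (15, 51, 0)}

def parse_version(s):
    """Turn '15.50.2' (optionally prefixed with 'v' or suffixed like '-dev') into an int tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(x) for x in m.groups())

def is_vulnerable(version):
    """True if the version is below the fixed release for its branch.
    Branches the advisory does not name (e.g. 13.x) return None, meaning unknown."""
    v = parse_version(version)
    fixed = FIXED.get(v[0])
    if fixed is None:
        return None
    return v < fixed

def check_bench_output(text):
    """Scan `bench version` output (assumed format: one 'app version' per line),
    find the frappe line and return (version, status) with status in
    'vulnerable', 'fixed' or 'unknown'."""
    labels = {True: "vulnerable", False: "fixed", None: "unknown"}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "frappe":
            return parts[1], labels[is_vulnerable(parts[1])]
    return None, "unknown"  # no frappe line found

# Constructed sample output, not captured from a real installation.
SAMPLE = "erpnext 15.50.0\nfrappe 15.50.2\n"

if __name__ == "__main__":
    print(check_bench_output(SAMPLE))  # ('15.50.2', 'vulnerable')
```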

📡 Detection & Monitoring

Log Indicators:

  • Unusual request patterns to Frappe endpoints
  • Multiple failed authentication attempts followed by information disclosure requests

Network Indicators:

  • Abnormal HTTP request sequences to Frappe API endpoints
  • Traffic patterns suggesting crafted request attempts

SIEM Query:

source="frappe_logs" AND (message="*crafted*" OR message="*disclosure*")
