CVE-2025-30217

7.5 HIGH

📋 TL;DR

This SQL injection vulnerability in Frappe Framework allows attackers to execute arbitrary SQL queries through the application. It affects all Frappe Framework deployments prior to versions 14.93.2 and 15.55.0, potentially exposing sensitive database information.

💻 Affected Systems

Products:
  • Frappe Framework
Versions: All versions prior to 14.93.2 (v14) and 15.55.0 (v15)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Frappe-based applications using vulnerable framework versions are affected

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including exfiltration of sensitive data, authentication bypass, or data manipulation/deletion

🟠

Likely Case

Unauthorized access to sensitive information stored in the database

🟢

If Mitigated

Limited impact with proper input validation and database permissions in place

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

SQL injection typically requires some level of application access but can be exploited through various input vectors

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.93.2 or 15.55.0

Vendor Advisory: https://github.com/frappe/frappe/security/advisories/GHSA-6phg-4wmq-h5h3

Restart Required: No

Instructions:

1. Identify your Frappe version (v14 or v15).
2. Update to 14.93.2 if on v14 or 15.55.0 if on v15.
3. Run the 'bench update' command.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

No workarounds available

The vendor advisory states no known workarounds exist

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in custom code
  • Restrict database user permissions to minimum required access

🔍 How to Verify

Check if Vulnerable:

Check Frappe version using 'bench version' command and compare against vulnerable versions

Check Version:

bench version

Verify Fix Applied:

Confirm version is 14.93.2 or higher (v14) or 15.55.0 or higher (v15) using 'bench version'
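The version check above, as an added Python helper that is not part of this advisory or of the Frappe project: it parses 'bench version' output, compares the frappe line against the fixed releases 14.93.2 and 15.55.0, and reports majors other than 14 and 15 as not listed by this advisory. It assumes 'bench version' prints one '<app> <version>' pair per line; the sample output is constructed.

```python
import re

# Fixed releases named in the advisory, keyed by major version line.
PATCHED = {14: (14, 93, 2), 15: (15, 55, 0)}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '15.54.1' or 'v14.93.2-beta'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no semantic version in {text!r}")
    return tuple(int(x) for x in m.groups())


def frappe_status(version):
    """Classify one frappe version against the CVE-2025-30217 fixed releases.

    Returns 'vulnerable', 'patched', or 'not-listed' (a major line the
    advisory does not name, such as 13 or 16; review those by hand).
    """
    ver = parse_version(version)
    fixed = PATCHED.get(ver[0])
    if fixed is None:
        return "not-listed"
    return "vulnerable" if ver < fixed else "patched"


def check_bench_output(output):
    """Parse 'bench version' output (assumed format: '<app> <version>' per line)
    and return {'frappe': status} when a frappe line is present, else {}."""
    results = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "frappe":
            results["frappe"] = frappe_status(parts[1])
    return results


# Constructed sample output; not captured from a real bench install.
SAMPLE = """frappe 15.54.3
erpnext 15.50.0
"""

if __name__ == "__main__":
    print(check_bench_output(SAMPLE))  # {'frappe': 'vulnerable'}
```

Run it against the real output with `bench version | python3 check.py` after swapping SAMPLE for `sys.stdin.read()`.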

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in application logs
  • Multiple failed SQL syntax attempts
  • Unexpected database access from application user

Network Indicators:

  • Unusual database connection patterns from application servers
  • Large data transfers from database to unexpected sources

SIEM Query:

source="frappe_logs" AND (message="*SQL*error*" OR message="*syntax*error*")

🔗 References
