CVE-2025-52895

7.5 HIGH

📋 TL;DR

This SQL injection vulnerability in the Frappe web application framework allows attackers to execute arbitrary SQL commands via specially crafted requests. It affects all Frappe installations prior to versions 14.94.3 and 15.58.0, potentially exposing sensitive database information to unauthorized users.

💻 Affected Systems

Products:
  • Frappe Framework
Versions: All versions prior to 14.94.3 and 15.58.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Frappe-based applications using vulnerable versions of the framework.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including extraction of sensitive user data, credentials, business information, and potential data manipulation or deletion.

🟠 Likely Case

Unauthorized access to sensitive information stored in the database, potentially including user credentials, personal data, and business records.

🟢 If Mitigated

Limited or no impact if proper input validation and parameterized queries are implemented, though the core vulnerability remains until patched.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity, especially when unauthenticated access is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.94.3 or 15.58.0

Vendor Advisory: https://github.com/frappe/frappe/security/advisories/GHSA-mhj8-jfhf-mcw9

Restart Required: Yes

Instructions:

1. Identify your Frappe version.
2. Upgrade to either 14.94.3 (for version 14) or 15.58.0 (for version 15).
3. Restart the Frappe application server.
4. Verify the upgrade was successful.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all user inputs
  • Deploy a web application firewall (WAF) with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Run the bench version command, or inspect the frappe/__init__.py file, to read the installed Frappe version number.

Check Version:

bench version

Verify Fix Applied:

The fix is applied when the frappe version is 14.94.3 or higher on the version 14 line, or 15.58.0 or higher on the version 15 line.
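The version check above, as an added example that is not code from the advisory or from the Frappe project: it parses bench version output, compares the installed frappe version numerically against the two fixed versions the advisory names, and reports whether the bench is still in the affected range. It assumes bench version prints one "<app> <version>" line per installed app; the sample output embedded in the block is constructed, not captured from a real bench. It also generalises slightly beyond the advisory's two lines, treating release lines older than 14 as affected and lines newer than 15 as fixed, both marked as assumptions in the code.

```python
"""Added example, not code from the advisory or from the Frappe project:
decide whether an installed Frappe version falls inside the affected range.

Assumptions (labelled): `bench version` prints one "<app> <version>" line per
installed app, and the fixed versions are the two the advisory names."""
import re
import subprocess

# Fixed versions per release line, taken from the advisory.
FIXED_VERSIONS = {14: (14, 94, 3), 15: (15, 58, 0)}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '15.58.0' (tolerating a 'v' prefix or a '-dev' style suffix) into a
    (major, minor, patch) integer tuple; returns None if it does not parse.
    Integer tuples compare numerically, so 15.100.0 sorts after 15.58.0,
    which a plain string comparison would get wrong."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable(version):
    """True when `version` is below the fix for its release line."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    major = v[0]
    if major in FIXED_VERSIONS:
        return v < FIXED_VERSIONS[major]
    # Assumption: lines older than 14 predate both fixes (and are out of
    # support); lines newer than 15 branched after the fix landed.
    return major < 14


def frappe_version_from_bench(output):
    """Pick the frappe app's version out of `bench version` output
    (assumed format: '<app> <version>' per line)."""
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "frappe":
            return parts[1]
    return None


def check_bench_output(output):
    """Summarise one bench as (version, vulnerable), or (None, None) when no
    frappe line was found in the output."""
    version = frappe_version_from_bench(output)
    if version is None:
        return None, None
    return version, is_vulnerable(version)


# Constructed sample output for an offline run (not captured from a real bench).
SAMPLE_BENCH_OUTPUT = "erpnext 15.57.2\nfrappe 15.57.9\n"

if __name__ == "__main__":
    try:
        output = subprocess.run(["bench", "version"], capture_output=True,
                                text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        output = SAMPLE_BENCH_OUTPUT  # no bench on this host: use the sample
    version, vulnerable = check_bench_output(output)
    print(f"frappe {version}: {'VULNERABLE, upgrade' if vulnerable else 'fixed'}")
```

Run it from inside the bench directory so bench version resolves the right installation; when bench is not on the path the script falls back to the constructed sample so the logic can still be exercised offline.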

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts followed by complex queries
  • Requests with SQL keywords in parameters

Network Indicators:

  • HTTP requests containing SQL syntax in parameters
  • Unusual database connection patterns from application servers

SIEM Query:

source="frappe.logs" AND (message="*SELECT*" OR message="*UNION*" OR message="*INSERT*" OR message="*DELETE*") AND NOT message="*normal*"
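The "SQL keywords in parameters" indicator and the SIEM query above match bare keywords, which is noisy: legitimate parameter values such as select_all or a note titled "delete old entries" contain the same words. The following is an added example, not part of the advisory, that applies the same idea to reverse-proxy access logs with less noise: it URL-decodes each query parameter and flags only statement-shaped patterns (UNION ... SELECT, SELECT ... FROM, quoted boolean clauses, trailing comment markers). The log lines, request paths and parameter names are constructed for the example and do not describe the actual injection point.

```python
"""Added example (not part of the advisory): flag HTTP request log lines whose
URL-decoded query parameters look like SQL statements rather than merely
containing an SQL keyword. Log format, paths and sample lines are constructed."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample lines in combined-log shape (not real traffic; the paths
# are hypothetical and do not identify the vulnerable endpoint).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jul/2025:10:00:01 +0000] "GET /api/method/example.lookup?doctype=ToDo&fields=%5B%22name%22%5D HTTP/1.1" 200 512
203.0.113.7 - - [01/Jul/2025:10:00:02 +0000] "GET /api/method/example.lookup?doctype=ToDo&filters=%27%20UNION%20SELECT%201%2C2%20--%20 HTTP/1.1" 200 1024
203.0.113.9 - - [01/Jul/2025:10:00:03 +0000] "GET /app/settings?view=select_all HTTP/1.1" 200 300
203.0.113.9 - - [01/Jul/2025:10:00:04 +0000] "GET /api/method/example.search?txt=please+delete+old+notes HTTP/1.1" 200 220
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Statement-shaped patterns; a lone keyword such as "select" or "delete" in
# natural text does not match any of them.
SQLI_PATTERNS = [
    ("union_select", re.compile(r"\bUNION\b(\s+ALL)?\s+SELECT\b", re.I)),
    ("select_from", re.compile(r"\bSELECT\b.+\bFROM\b", re.I | re.S)),
    ("dml_statement", re.compile(
        r"\b(INSERT\s+INTO|DELETE\s+FROM|UPDATE\s+\w+\s+SET|DROP\s+TABLE)\b", re.I)),
    ("quoted_boolean", re.compile(r"['\"]\s*(OR|AND)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I)),
    ("trailing_comment", re.compile(r"(--|/\*|#)\s*$")),
]


def suspicious_params(target):
    """Return {param: pattern_name} for the query parameters of a request
    target whose decoded value matches one of the statement patterns."""
    query = urlsplit(target).query
    hits = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already decodes once; decoding again catches values that
        # were percent-encoded twice to slip past simple keyword matching.
        value = unquote_plus(value)
        for name, pattern in SQLI_PATTERNS:
            if pattern.search(value):
                hits[key] = name
                break
    return hits


def parse_log_line(line):
    """Parse one combined-log line into a dict, or None if it does not fit."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_log(text):
    """Scan a log in text form and return one finding per request that carries
    a suspicious parameter: {ip, target, status, params}."""
    findings = []
    for line in text.splitlines():
        entry = parse_log_line(line)
        if entry is None:
            continue
        params = suspicious_params(entry["target"])
        if params:
            findings.append({"ip": entry["ip"], "target": entry["target"],
                             "status": entry["status"], "params": params})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ip']} {finding['target']} -> {finding['params']}")
```

Only the second constructed line is reported; the select_all view and the natural-language "delete old notes" search pass through. Pair the output with the response status and size, since a successful injection against a patched-then-unpatched host usually shows up as an unusually large 200 rather than an error.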
