CVE-2025-62407 – This CVE describes an open redirect vulnerabili... (How to Fix)

Q: What is the severity of CVE-2025-62407?

CVE-2025-62407 has a CVSS score of 6.1 (MEDIUM). This CVE describes an open redirect vulnerability in Frappe web framework's login page. Attackers can craft malicious URLs that redirect users to arbitrary external sites after login. All Frappe applications using vulnerable versions are affected.

📋 TL;DR

This CVE describes an open redirect vulnerability in Frappe web framework's login page. Attackers can craft malicious URLs that redirect users to arbitrary external sites after login. All Frappe applications using vulnerable versions are affected.

💻 Affected Systems

Products:

Frappe Framework

Versions: All versions prior to 14.98.0 and 15.83.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the login page specifically when redirect parameter is used with specific URL types.

📦 What is this software?

Frappe by Frappe

View all CVEs affecting Frappe →

Frappe by Frappe

View all CVEs affecting Frappe →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise and data breaches.

🟠

Likely Case

Attackers use this for phishing campaigns, tricking users into visiting malicious sites by abusing the legitimate Frappe domain in redirects.

🟢

If Mitigated

With proper user awareness training and browser security controls, users might recognize suspicious redirects before entering sensitive information.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires crafting specific URL patterns and social engineering to get users to click malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.98.0 or 15.83.0

Vendor Advisory: https://github.com/frappe/frappe/security/advisories/GHSA-j9jr-qrpj-g855

Restart Required: No

Instructions:

1. Identify your Frappe version. 2. Upgrade to 14.98.0 if on version 14.x. 3. Upgrade to 15.83.0 if on version 15.x. 4. Test the login functionality after upgrade.

🔧 Temporary Workarounds

Input validation for redirect parameter

all

Implement server-side validation to only allow redirects to trusted domains or relative paths

🧯 If You Can't Patch

Implement WAF rules to block malicious redirect patterns in URLs
Monitor logs for suspicious redirect attempts and educate users about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check if Frappe version is below 14.98.0 (for v14) or below 15.83.0 (for v15)

Check Version:

bench version

Verify Fix Applied:

Test login with various redirect URLs to confirm only allowed redirects work

📡 Detection & Monitoring

Log Indicators:

Unusual redirect patterns in authentication logs
Multiple failed login attempts with external URLs in redirect parameter

Network Indicators:

HTTP 302 redirects to external domains after login
Suspicious referrer headers

SIEM Query:

source="frappe_logs" AND (redirect_url CONTAINS "http://" OR redirect_url CONTAINS "https://") AND NOT redirect_url CONTAINS "yourdomain.com"

📊 Metadata

CVE ID: CVE-2025-62407

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-601

EPSS Score: 0.04% exploit probability (11.3th percentile)

Published: October 16, 2025

Last Updated: October 23, 2025

🔗 References

https://github.com/frappe/frappe/security/advisories/GHSA-j9jr-qrpj-g855 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-62407, you might also want to check these: